SunOS and shared libraries, security aspects
Guy Harris
guy at auspex.auspex.com
Mon Sep 3 08:07:26 AEST 1990
>Rather, it's to make login non-setuid in the first place. The only time
>login should run as root is from a controlled daemon, such as telnetd or
>getty.

I've no problem with that; others used to doing "login" from their
sessions might, but, well, you know what happens if you can't take a
joke....

However, "login" ain't the only program that will pass environment
variables through when it runs some program under another user ID (real
*and* effective *and* saved set-user), so making "login" non-set-UID
doesn't completely close the hole....
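
The mitigation side of the point above, as an added example that is not part of the original post: a program that runs another program under a different user ID can build the child's environment from an allowlist instead of passing the caller's through. The allowlist, the fixed PATH value, the function names and the sample variables (including LD_LIBRARY_PATH, which the post does not name) are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allowlist: the only names copied from the caller's environment. */
static const char *const KEEP[] = { "TERM", "TZ", "LANG" };
static const char SAFE_PATH[] = "PATH=/usr/bin:/bin"; /* set here, never inherited */

/* Return 1 if entry is "NAME=value" with NAME exactly on the allowlist. */
static int allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t i, n;
    if (eq == NULL || eq == entry)
        return 0;                          /* malformed entry: drop */
    n = (size_t)(eq - entry);
    for (i = 0; i < sizeof KEEP / sizeof KEEP[0]; i++)
        if (strlen(KEEP[i]) == n && strncmp(entry, KEEP[i], n) == 0)
            return 1;
    return 0;
}

/* Fill out[] (cap slots, including the NULL terminator) with a clean
 * environment; return the entry count, or -1 if out[] is too small. */
int build_clean_env(const char *const envp[], const char **out, size_t cap)
{
    size_t n = 0, i;
    if (cap < 2)
        return -1;
    out[n++] = SAFE_PATH;
    for (i = 0; envp[i] != NULL; i++) {
        if (!allowed(envp[i]))
            continue;                      /* LD_*, caller's PATH, etc. */
        if (n + 1 >= cap)
            return -1;
        out[n++] = envp[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Constructed sample of an environment handed over by an untrusted caller. */
const char *const SAMPLE_ENV[] = { "TERM=vt100", "LD_LIBRARY_PATH=/tmp/lib",
    "PATH=/tmp/bin:/usr/bin", "TERMCAP_X=1", "=oops", "TZ=UTC", NULL };
const char *CLEAN[8];                      /* would be passed to execve() */

int main(void)
{
    int i, n = build_clean_env(SAMPLE_ENV, CLEAN, 8);
    for (i = 0; i < n; i++)
        puts(CLEAN[i]);
    return n < 0;
}
```

Because the filter keeps names rather than removing known-bad ones, a variable the author never thought of is dropped by default.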