Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!auspex!guy
From: guy@auspex.auspex.com (Guy Harris)
Newsgroups: comp.unix.internals
Subject: Re: SunOS and shared libraries, security aspects
Message-ID: <4006@auspex.auspex.com>
Date: 2 Sep 90 22:07:26 GMT
References: <1990Aug29.033933.10062@santra.uucp> <3991@auspex.auspex.com> <5643:Sep122:09:4190@kramden.acf.nyu.edu>
Distribution: usa
Organization: Auspex Systems, Santa Clara
Lines: 12

>Rather, it's to make login non-setuid in the first place. The only time
>login should run as root is from a controlled daemon, such as telnetd or
>getty.

I've no problem with that; others used to doing "login" from their
sessions might, but, well, you know what happens if you can't take a
joke....

However, "login" ain't the only program that will pass environment
variables through when it runs some program under another user ID (real
*and* effective *and* saved set-user), so making "login" non-set-UID
doesn't completely close the hole....