Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!psuvax1!wuarchive!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: SunOS and shared libraries, security aspects
Message-ID: <10831:Sep306:02:3090@kramden.acf.nyu.edu>
Date: 3 Sep 90 06:02:30 GMT
References: <4006@auspex.auspex.com> <13283@hydra.gatech.EDU>
Distribution: usa
Organization: IR
Lines: 16

In article <13283@hydra.gatech.EDU> gt0178a@prism.gatech.EDU (BURNS,JIM) writes:
> in article <4006@auspex.auspex.com>, guy@auspex.auspex.com (Guy Harris) says:
> >>Rather, it's to make login non-setuid in the first place. The only time
> >>login should run as root is from a controlled daemon, such as telnetd or
> >>getty.
> > I've no problem with that
> Excuse me, but I don't understand how login (su, rsh, rlogin) would be
> able to change your uid without using setuid(3) which is documented as
> needing superuser status:

It can't. All it can do without privileges is log you in as yourself
again, and not even that on some systems. As I said in the triple-quoted
comments, login should only run as root if it's run from a controlled
(root) daemon: this is necessary for security.

---Dan
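Added example (not part of the original post or thread): a C sketch of the point made in the reply, that a process without privileges can at most switch to its own uid, while a login started by a root daemon can switch to any user and must then drop root for good. The helper names become_user and probe_switch, and the use of getuid() + 1 as "some other user", are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: what a login-like program does after authenticating.
 * Order matters: supplementary groups, then gid, then uid (setuid last,
 * because it gives up the privilege the earlier calls need).
 * Returns 0, the errno of the failing step, or 255 if root could be regained. */
static int become_user(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)  /* shed root's group list */
        return errno;
    if (setgid(gid) != 0)
        return errno;
    if (setuid(uid) != 0)            /* fails for a non-root caller unless uid is its own */
        return errno;
    if (uid != 0 && setuid(0) == 0)  /* the drop must be irreversible */
        return 255;
    return 0;
}

/* Hypothetical helper: run become_user() in a forked child so the caller's
 * own identity is untouched. Returns the child's result, or -1 if fork/wait failed. */
int probe_switch(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(become_user(uid, gid));
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    uid_t me = getuid(), other = me + 1;  /* assumption: any uid that is not ours */
    printf("euid=%ld\n", (long)geteuid());
    printf("become self  (%ld): %d\n", (long)me, probe_switch(me, getgid()));
    printf("become other (%ld): %d (EPERM=%d)\n", (long)other,
           probe_switch(other, getgid()), EPERM);
    return 0;
}
```

Run as an ordinary user, the second probe fails (with EPERM on a typical system); run as root, both probes normally return 0.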