Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!auspex!guy
From: guy@auspex.auspex.com (Guy Harris)
Newsgroups: comp.unix.internals
Subject: Re: SunOS and shared libraries, security aspects
Message-ID: <4009@auspex.auspex.com>
Date: 3 Sep 90 18:38:57 GMT
References: <4006@auspex.auspex.com> <13283@hydra.gatech.EDU> <10831:Sep306:02:3090@kramden.acf.nyu.edu>
Distribution: usa
Organization: Auspex Systems, Santa Clara
Lines: 18

>> Excuse me, but I don't understand how login (su, rsh, rlogin) would be
>> able to change your uid without using setuid(3) which is documented as
>> needing superuser status:
>
>It can't. All it can do without privileges is log you in as yourself
>again, and not even that on some systems. As I said in the triple-quoted
>comments, login should only run as root if it's run from a controlled
>(root) daemon: this is necessary for security.

Yup, and as for the other commands:

1) "rsh" and "rlogin" use super-user privileges to get "privileged"
   ports, not to change your uid; "rshd" and "rlogind", the daemons, are
   the ones that change the UID, and they're not set-UID;

2) "su", however, *does* need to be setuid in order to be useful, but
   also passes environment variables through....
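
An added example (not part of the original post, and not the rsh source): the pattern point 1 describes, where a set-UID root client uses its privilege only to bind a reserved port and then drops to the invoking user before doing anything else. The function names are hypothetical; the 512-1023 range is the one rresvport() scans.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to a free port in 512..1023 (the range rresvport() scans).
 * Returns the socket and stores the port, or -1 if no reserved port could be
 * bound, which is the normal result for an unprivileged caller. */
int bind_reserved_port(int *port_out)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    for (int port = 1023; port >= 512; port--) {
        struct sockaddr_in sin;
        memset(&sin, 0, sizeof sin);
        sin.sin_family = AF_INET;
        sin.sin_addr.s_addr = htonl(INADDR_ANY);
        sin.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0) {
            *port_out = port;
            return fd;
        }
    }
    close(fd);
    return -1;
}

/* Give up set-UID root permanently: group first, then user, then prove that
 * root cannot be regained. Returns 0 on success, -1 if the caller must abort. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* still able to become root: drop failed */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    int port = 0;
    int fd = bind_reserved_port(&port);  /* the only step that needs euid 0 */
    if (drop_privileges() != 0)          /* everything after this runs as the user */
        return 1;
    /* connect() and the rest of the session would use fd here, unprivileged */
    if (fd >= 0)
        close(fd);
    return 0;
}
```

When the program is started by root itself there is nothing to drop, so the regain check is skipped for a real UID of 0.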