Re: (forw) Bug#298060: Please don't install login as setuid root
On Sun, Mar 06, 2005 at 05:10:59AM -0600, Bill Allombert wrote:
> On Sat, Mar 05, 2005 at 10:56:45PM -0800, Matt Zimmerman wrote:
> > FWIW, We've been doing this for some time in Ubuntu, and no one has
> > missed it. In this age of pseudoterminals and single-user systems...
> Because that is the targeted users of Ubuntu.
If someone told you that, they were misinformed.
> Is there a real security benefit ? Is the login implementation in Debian
> known to have security flaws ?
Those two questions are orthogonal, but the answer to the first is "yes".
Removing privilege this way is one of the few ways to provide a guarantee of
security: it would become impossible for any bug (discovered or
undiscovered) in login to result in a root compromise, except where it is
explicitly given root privileges (which I believe is only true on the
console per default).
> The bug report is not completly accurate: it is necessary for login to be
> suid root if you want to use it the way mentionned in the manpage:
> Typically, login is treated by the shell as exec login
> which causes the user to exit from the current shell.
There are a dozen ways to obtain the same result, without this setuid
It makes little difference to me in practice whether this change is made or
not, but I do consider it appropriate and reasonable.
(what does this have to do with debian-release?)