/* Leave only debian-hurd@l.d.o */ Michael Banck wrote:
login -- Falls back to unix-style if password server is not there. If we can presume the password server works, then we can clear the setuid bit here. (We could also remove the old code, or leave it there for only root to be able to use w/o server.) I guess this is a good opportunity to review our suid login as well.
Detailed explanation for why /bin/login is Set-UID can be found in http://lists.gnu.org/archive/html/bug-hurd/2004-08/msg00273.html
I think that the first problem, with proc_setowner, can be fixed by just putting it lower in the code or something like that -- I'm not sure.
But I don't know if we can handle chown tty without Set-UID. Regards, ogi