Re: (forw) Bug#298060: Please don't install login as setuid root
/* Leave only firstname.lastname@example.org */
Michael Banck wrote:
login -- Falls back to unix-style if password server is not there.
If we can presume the password server works, then we can
clear the setuid bit here. (We could also remove the old
code, or leave it there for only root to be able to use w/o
I guess this is a good opportunity to review our suid login as well.
A detailed explanation of why /bin/login is Set-UID can be found in
I think that the first problem, with proc_setowner, can be fixed by just putting
it lower in the code or something like that -- I'm not sure.
But I don't know if we can handle chown tty without Set-UID.