Re: (forw) Bug#298060: Please don't install login as setuid root

[Bill Allombert <ballombe@master.debian.org>]

On Sat, Mar 05, 2005 at 10:56:45PM -0800, Matt Zimmerman wrote:
> On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote:
> 
> > Security and release teams, may I have your advice about this suggestion?
> > 
> > As you may know, I currently act as maintainer for the shadow package,
> > but I'm also aware of my own weaknesses when it comes at security (and
> > security-related) issues so I prefer getting the advice of more
> > competent people.
> > 
> > Given that installing login non setuid has been blessed for Ubuntu,
> > I'm inclined to follow the suggestion, but doing so close to a release
> > is maybe not wise.....so I'm seeking for advices..:-)
> 
> FWIW, We've been doing this for some time in Ubuntu, and no one has missed
> it.  In this age of pseudoterminals and single-user systems...

Because that is the targeted users of Ubuntu. Debian as a much wider range
of use than single-user systems. 

Is there a real security benefit ? Is the login implementation in Debian
known to have security flaws ?

The bug report is not completly accurate: it is necessary for login to be
suid root if you want to use it the way mentionned in the manpage:

       Typically,  login  is  treated  by the shell as exec login
       which causes the user to  exit  from  the  current  shell.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.