
Re: (forw) Bug#298060: Please don't install login as setuid root



On Sun, Mar 06, 2005 at 05:10:59AM -0600, Bill Allombert wrote:

> On Sat, Mar 05, 2005 at 10:56:45PM -0800, Matt Zimmerman wrote:
> > FWIW, We've been doing this for some time in Ubuntu, and no one has
> > missed it.  In this age of pseudoterminals and single-user systems...
> 
> Because that is the targeted users of Ubuntu.

If someone told you that, they were misinformed.

> Is there a real security benefit ? Is the login implementation in Debian
> known to have security flaws ?

Those two questions are orthogonal, but the answer to the first is "yes".
Removing privilege this way is one of the few ways to provide a guarantee of
security: it would become impossible for any bug (discovered or
undiscovered) in login to result in a root compromise, except where it is
explicitly given root privileges (which I believe is only true on the
console per default).

> The bug report is not completely accurate: it is necessary for login to be
> suid root if you want to use it the way mentioned in the manpage:
> 
>        Typically,  login  is  treated  by the shell as exec login
>        which causes the user to  exit  from  the  current  shell.

There are a dozen ways to obtain the same result, without this setuid
program.

It makes little difference to me in practice whether this change is made or
not, but I do consider it appropriate and reasonable.

(what does this have to do with debian-release?)

-- 
 - mdz
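
An added example, not part of the original message: a shell check an administrator could use to see whether login is still installed setuid root, the state the bug report asks to change. The helper name `suid_state` and the path `/bin/login` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the setuid state of a binary such as login.
# suid_state is a hypothetical helper name, not part of any Debian tool.

suid_state() {
    f=$1
    # A path that does not exist cannot carry any privilege.
    [ -e "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ]; then
        # Numeric owner from ls -ln (third field); 0 means root.
        owner=$(ls -ln -d -- "$f" | awk '{print $3}')
        if [ "$owner" = "0" ]; then
            # A bug in this program can run with root privileges
            # for any user who invokes it.
            echo setuid-root
        else
            echo setuid-other
        fi
    else
        # The program only has root privileges when its caller
        # (for example getty on the console) already has them.
        echo not-setuid
    fi
}

# Report on the login binary (path assumed; adjust for the system).
suid_state /bin/login

# On Debian, a local mode change survives package upgrades only if it
# is registered as an override (run as root):
#   dpkg-statoverride --update --add root root 0755 /bin/login
```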


