[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (forw) Bug#298060: Please don't install login as setuid root

On Tue, Mar 08, 2005 at 05:03:11PM +0100, Wouter Verhelst wrote:
> Op za, 05-03-2005 te 22:56 -0800, schreef Matt Zimmerman:
> > On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote:
> > 
> > > Security and release teams, may I have your advice about this suggestion?
> > > 
> > > As you may know, I currently act as maintainer for the shadow package,
> > > but I'm also aware of my own weaknesses when it comes at security (and
> > > security-related) issues so I prefer getting the advice of more
> > > competent people.
> > > 
> > > Given that installing login non setuid has been blessed for Ubuntu,
> > > I'm inclined to follow the suggestion, but doing so close to a release
> > > is maybe not wise.....so I'm seeking for advices..:-)
> > 
> > FWIW, We've been doing this for some time in Ubuntu, and no one has missed
> > it.  In this age of pseudoterminals and single-user systems...
> 
> On Linux.
> 
> I'm not exactly sure about this, but I think it might break the way the
> Hurd does a login. 

The hurd package currently ships its own /bin/login and
Provides/Replaces/Conflicts with the login package.

As to why that is suid as well, Roland McGrath once said[0]:

login   -- Falls back to unix-style if password server is not there.
           If we can presume the password server works, then we can
	   clear the setuid bit here.  (We could also remove the old
	   code, or leave it there for only root to be able to use w/o
	   server.)


I guess this is a good opportunity to review our suid login as well.


cheers,

Michael

-- 
[0] http://lists.gnu.org/archive/html/bug-hurd/2002-06/msg00130.html
Reply to: