Re: (forw) Bug#298060: Please don't install login as setuid root
Christian Perrier wrote:
> Security and release teams, may I have your advice about this suggestion?
>
> As you may know, I currently act as maintainer for the shadow package,
> but I'm also aware of my own weaknesses when it comes at security (and
> security-related) issues so I prefer getting the advice of more
> competent people.
>
> Given that installing login non setuid has been blessed for Ubuntu,
> I'm inclined to follow the suggestion, but doing so close to a release
> is maybe not wise.....so I'm seeking for advices..:-)
When no code needs to be changed but only the suid bit dropped
and login still works as expected, I don't see a reason not to
drop the setuid bit, even the contrary, I wonder why it is setuid
root in the first place.
Regards,
Joey
--
If nothing changes, everything will remain the same. -- Barne's Law
Please always Cc to me when replying to me on the lists.
Reply to: