Re: (forw) Bug#298060: Please don't install login as setuid root
- To: Wouter Verhelst <wouter@grep.be>
- Cc: Matt Zimmerman <mdz@debian.org>, Christian Perrier <bubulle@debian.org>, team@security.debian.org, debian-release@lists.debian.org, 298060@bugs.debian.org, 298060-submitter@bugs.debian.org, debian-hurd@lists.debian.org
- Subject: Re: (forw) Bug#298060: Please don't install login as setuid root
- From: Samuel Thibault <samuel.thibault@labri.fr>
- Date: Tue, 8 Mar 2005 17:43:39 +0100
- Message-id: <20050308164339.GB5984@implementation.labri.fr>
- Mail-followup-to: Wouter Verhelst <wouter@grep.be>, Matt Zimmerman <mdz@debian.org>, Christian Perrier <bubulle@debian.org>, team@security.debian.org, debian-release@lists.debian.org, 298060@bugs.debian.org, 298060-submitter@bugs.debian.org, debian-hurd@lists.debian.org
- In-reply-to: <1110297792.8417.73.camel@country.grep.be>
- References: <20050305143458.GL7778@mykerinos.kheops.frmug.org> <20050306065645.GQ15737@alcor.net> <1110297792.8417.73.camel@country.grep.be>
Wouter Verhelst, on Tue 08 Mar 2005 17:03:11 +0100, wrote:
> On Sat, 05-03-2005 at 22:56 -0800, Matt Zimmerman wrote:
> > On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote:
> >
> > > Security and release teams, may I have your advice about this suggestion?
> > >
> > > As you may know, I currently act as maintainer for the shadow package,
> > > but I'm also aware of my own weaknesses when it comes to security (and
> > > security-related) issues so I prefer getting the advice of more
> > > competent people.
> > >
> > > Given that installing login non-setuid has been blessed for Ubuntu,
> > > I'm inclined to follow the suggestion, but doing so close to a release
> > > is maybe not wise... so I'm seeking advice. :-)
> >
> > FWIW, we've been doing this for some time in Ubuntu, and no one has missed
> > it. In this age of pseudoterminals and single-user systems...
>
> On Linux.
>
> I'm not exactly sure about this, but I think it might break the way the
> Hurd does a login. On the Hurd, you don't get a login prompt; rather,
> you get a login /shell/ which allows you to do some things without
> having been logged on; logging in then requires you to do 'login <user>'.
> It /might/ be the case that this requires /bin/login to be setuid root,
> but I'm not sure. Hurd developers (Cc'ed), care to shed some light here?

It needs even *less* to be setuid root: login may be run without
*any* identity: it gets the uid from the passwd server in exchange for the
correct password for the uid. No need to be root for that.

Regards,
Samuel Thibault