On Sun, Mar 06, 2005 at 05:10:59AM -0600, Bill Allombert wrote: > On Sat, Mar 05, 2005 at 10:56:45PM -0800, Matt Zimmerman wrote: > > FWIW, We've been doing this for some time in Ubuntu, and no one has > > missed it. In this age of pseudoterminals and single-user systems... > > Because that is the targeted users of Ubuntu.
If someone told you that, they were misinformed. > Is there a real security benefit ? Is the login implementation in Debian > known to have security flaws ? Those two questions are orthogonal, but the answer to the first is "yes". Removing privilege this way is one of the few ways to provide a guarantee of security: it would become impossible for any bug (discovered or undiscovered) in login to result in a root compromise, except where it is explicitly given root privileges (which I believe is only true on the console per default). > The bug report is not completly accurate: it is necessary for login to be > suid root if you want to use it the way mentionned in the manpage: > > Typically, login is treated by the shell as exec login > which causes the user to exit from the current shell. There are a dozen ways to obtain the same result, without this setuid program. It makes little difference to me in practice whether this change is made or not, but I do consider it appropriate and reasonable. (what does this have to do with debian-release?) -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
