Environment Poisoning and login -p

Mike Hoskins mike at adept.org
Fri Feb 27 11:44:05 PST 2004

On Fri, 27 Feb 2004, Dag-Erling [iso-8859-1] Smørgrav wrote:
> Agreed, let's let this discussion die instead.  login(1) is no longer
> setuid root, so the whole thing is a non-issue.

to be complete, i assume you mean under 5.x:

mike at snafu{mike}$ uname -r
mike at snafu{mike}$ ls -al /usr/bin/login
-r-sr-xr-x  1 root  wheel  21824 Feb 23 13:45 /usr/bin/login*

hard to believe, but not everyone is using 5.x.  ;)  still, since 5.x is
stable and fast (...er than 4.x in many ways), i agree making extra work
in the name of 4.x is probably not the best idea when development
resources are already scare.

(of course if someone is paranoid and wants to make relevant patches
against 4.x, and maintain them seperately, i'm sure at least some people
wouldn't object.)


More information about the freebsd-security mailing list