Environment Poisoning and login -p
Mike Hoskins
mike at adept.org
Fri Feb 27 11:44:05 PST 2004
On Fri, 27 Feb 2004, Dag-Erling [iso-8859-1] Smørgrav wrote:
> Agreed, let's let this discussion die instead. login(1) is no longer
> setuid root, so the whole thing is a non-issue.
to be complete, i assume you mean under 5.x:
mike at snafu{mike}$ uname -r
4.8-RELEASE-p15
mike at snafu{mike}$ ls -al /usr/bin/login
-r-sr-xr-x 1 root wheel 21824 Feb 23 13:45 /usr/bin/login*
hard to believe, but not everyone is using 5.x. ;) still, since 5.x is
stable and fast (...er than 4.x in many ways), i agree making extra work
in the name of 4.x is probably not the best idea when development
resources are already scare.
(of course if someone is paranoid and wants to make relevant patches
against 4.x, and maintain them seperately, i'm sure at least some people
wouldn't object.)
-m
More information about the freebsd-security
mailing list