Bug 1410 - /usr/bin/login is suid, with little requirement for this
Summary: /usr/bin/login is suid, with little requirement for this
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 2.1.0-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 1996-07-20 20:40 UTC by David E. O'Brien
Modified: 2020-09-16 20:38 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David E. O'Brien 1996-07-20 20:40:01 UTC
	/usr/bin/login is suid root
	(-r-sr-xr-x   1 root     root       20480 Nov 15  1995 login*
	-- from the FreeBSD 2.1-RELEASE Live FS)

	This was done orginially so that a different user could login to
	a terminal with a user already logged in.  (ie. exec login luser)

	There is little need for this today.  From a discussion on
	freebsd-security, many didn't know of this functionality, and
	no one claimed to depend on it.  If active Unix hobbiest didn't
	know of this functionality, IMHO few users will.

	From the standpoint of security, every suid root program is a
	danger to system security.  Therefore, there should be a good
	justification for each of them (tradition is not a good
	justification).  In light of FreeBSD's positioning as a prime
	choice for ISP implimentation, this is especially true.

Fix: 

I propose that future releases of FreeBSD do not install
	/usr/bin/login suid root.
How-To-Repeat: 
	ls -l  /usr/bin/login
Comment 1 Bruce Evans 1996-07-21 05:04:45 UTC
>	/usr/bin/login is suid root
>	(-r-sr-xr-x   1 root     root       20480 Nov 15  1995 login*
>	-- from the FreeBSD 2.1-RELEASE Live FS)

>	This was done orginially so that a different user could login to
>	a terminal with a user already logged in.  (ie. exec login luser)

>	There is little need for this today.  From a discussion on
>	freebsd-security, many didn't know of this functionality, and
>	no one claimed to depend on it.  If active Unix hobbiest didn't
>	know of this functionality, IMHO few users will.

I've found it useful for testing login stuff without risking a hangup.

Bruce
Comment 2 David E. O'Brien 1996-07-21 10:35:56 UTC
> >	/usr/bin/login is suid root
> >	(-r-sr-xr-x   1 root     root       20480 Nov 15  1995 login*
> >	-- from the FreeBSD 2.1-RELEASE Live FS)
> 
> >	This was done orginially so that a different user could login to
> >	a terminal with a user already logged in.  (ie. exec login luser)
> 
> >	There is little need for this today.  From a discussion on
> >	freebsd-security, many didn't know of this functionality, and
> >	no one claimed to depend on it.  If active Unix hobbiest didn't
> >	know of this functionality, IMHO few users will.
> 
> I've found it useful for testing login stuff without risking a hangup.
> Bruce

Makes sense in your case.  But IMHO, that is a special case.  And you
could manually make /usr/bin/login suid root on the machines you need
this functionality on.  But do you think /usr/bin/login should be suid
root in the general case?

-- David    (obrien@cs.ucdavis.edu)
Comment 3 scrappy freebsd_committer 1996-10-23 05:47:39 UTC
State Changed
From-To: open->feedback


This PR deals with changing the default install of login to be non-setuid... 
About the only reason that seems to exist for this is 'exec login <userid>' 
from a shell, and I personally share Bruce's reasoning for keeping it in there, 
as it allows testing of logins without having to hang up. 

The Originator talks about 'insecurity of setuid programs'...anyone know 
about security problems with login as a result of it being setuid? 

Comment 4 mpp freebsd_committer 1997-02-21 22:15:13 UTC
State Changed
From-To: feedback->closed

Bruce Evans has a good example of why to keep the setuid bit, 
and I have personally used this feature when some problem prevents 
me from getting access to the machine, and the only available login 
was from a non-privledged users logged in terminal. 
I was then able to run login, get access to my account, su 
and then fix the problem without a reobot.
Comment 5 Tia Hunter 2020-09-16 20:38:50 UTC
MARKED AS SPAM