Subject: Re: BSD auth for NetBSD
To: Roland Dowdeswell <>
From: Noriyuki Soda <>
List: tech-security
Date: 09/14/2003 09:39:17
>>>>> On Sat, 13 Sep 2003 20:21:43 -0400,
	Roland Dowdeswell <> said:

> Also, programs like login(1) or su(1) are not good examples because
> they must be setuid root anyway to change the uid upon successful
> authentication.

Well, login(1) isn't setuid root on OpenBSD.
It seems Joerg and itojun misunderstood that the reason is because
OpenBSD is using BSD auth.  The correct reason is because OpenBSD
abandoned the traditional feature that users can change their
login-user from their login-shell, though.

Of course, su(1) is still setuid root even on OpenBSD.