> > Also, programs like login(1) or su(1) are not good examples because
> > they must be setuid root anyway to change the uid upon successful
> > authentication.
> 
> Well, login(1) isn't setuid root on OpenBSD.
> It seems Joerg and itojun misunderstood that the reason is because
> OpenBSD is using BSD auth.  The correct reason is because OpenBSD
> abandoned the traditional feature that users can change their
> login-user from their login-shell, though.

	have you ever used recent OpenBSD?  login(1) in OpenBSD will exec su(1)
	if username is passed, and effectively preserves "login foo" behavior.
	if you have commnted without checking the fact, i suggest you to do
	fact-checking before you post next time.

itojun


openbsd usr.bin/login/login.c
----------------------------
revision 1.49
date: 2002/10/16 01:08:56;  author: millert;  state: Exp;  lines: +61 -39
Remove the setuid bit from /usr/bin/login.  If login is run by a user
with a non-zero euid, it will now exec "su -L -l".  The only things
that need to do this are shells with a "login" builtin and the emulation
that su(1) now does is good enough for this purpose.