Subject: Re: BSD auth for NetBSD
To: None <firstname.lastname@example.org>
From: Jun-ichiro itojun Hagino <email@example.com>
Date: 09/14/2003 11:19:58
> > Also, programs like login(1) or su(1) are not good examples because
> > they must be setuid root anyway to change the uid upon successful
> > authentication.
> Well, login(1) isn't setuid root on OpenBSD.
> It seems Joerg and itojun misunderstood that the reason is because
> OpenBSD is using BSD auth. The correct reason is because OpenBSD
> abandoned the traditional feature that users can change their
> login-user from their login-shell, though.

have you ever used recent OpenBSD? login(1) in OpenBSD will exec su(1)
if username is passed, and effectively preserves "login foo" behavior.
if you have commented without checking the fact, i suggest you do
fact-checking before you post next time.

date: 2002/10/16 01:08:56; author: millert; state: Exp; lines: +61 -39
Remove the setuid bit from /usr/bin/login. If login is run by a user
with a non-zero euid, it will now exec "su -L -l". The only things
that need to do this are shells with a "login" builtin and the emulation
that su(1) now does is good enough for this purpose.