tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: unsafe file permissions on /usr/bin/login



The file should not be suid

On Wed, Nov 28, 2018 at 10:50 AM Joerg Sonnenberger <joerg%bec.de@localhost> wrote:
On Wed, Nov 28, 2018 at 09:51:10AM -0500, JP wrote:
> The suid bit is set on the /usr/bin/login binary.  This results in the
> system being susceptible to a manual (login) attack on user accounts
> (including root).  An attack can be initiated by any user with a shell.
> (Also, consider a system with no root password - my preferred)

WTF are you talking about. Using /usr/bin/login is not an attack. It's a
*login*.

Joerg


Home | Main Index | Thread Index | Old Index