Re: unsafe file permissions on /usr/bin/login

To: tech-security%netbsd.org@localhost
Subject: Re: unsafe file permissions on /usr/bin/login
From: JP <rlntlss83%gmail.com@localhost>
Date: Wed, 28 Nov 2018 10:56:05 -0500

The file should not be suid

On Wed, Nov 28, 2018 at 10:50 AM Joerg Sonnenberger <joerg%bec.de@localhost> wrote:

On Wed, Nov 28, 2018 at 09:51:10AM -0500, JP wrote:
> The suid bit is set on the /usr/bin/login binary. This results in the
> system being susceptible to a manual (login) attack on user accounts
> (including root). An attack can be initiated by any user with a shell.
> (Also, consider a system with no root password - my preferred)

WTF are you talking about. Using /usr/bin/login is not an attack. It's a
*login*.

Joerg

Follow-Ups:
- Re: unsafe file permissions on /usr/bin/login
  - From: JP
- Re: unsafe file permissions on /usr/bin/login
  - From: Martin Husemann

References:
- unsafe file permissions on /usr/bin/login
  - From: JP
- Re: unsafe file permissions on /usr/bin/login
  - From: Joerg Sonnenberger

Prev by Date: Re: unsafe file permissions on /usr/bin/login
Next by Date: Re: unsafe file permissions on /usr/bin/login
Previous by Thread: Re: unsafe file permissions on /usr/bin/login
Next by Thread: Re: unsafe file permissions on /usr/bin/login
Indexes:

Home | Main Index | Thread Index | Old Index