tech-security archive
Re: unsafe file permissions on /usr/bin/login
On Wed, Nov 28, 2018 at 09:51:10AM -0500, JP wrote:
> The suid bit is set on the /usr/bin/login binary. This results in the
> system being susceptible to a manual (login) attack on user accounts
> (including root). An attack can be initiated by any user with a shell.
> (Also, consider a system with no root password - my preferred)
Actually it won't allow root login, I just checked it (because it's not
run from a terminal marked secure in /etc/ttys I guess).
It allows you to log in as another, non-root user - much like su(1).
I can't see why it would be worse than su.
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 years of experience will always make the difference