tech-security archive


Re: unsafe file permissions on /usr/bin/login



OK, well I have root with physical access to the box.

What is the reason for it being suid?  (besides csh)  Anyone know any other uses of it in the system?

On Wed, Nov 28, 2018 at 12:07 PM Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
On Wed, Nov 28, 2018 at 09:51:10AM -0500, JP wrote:
> The suid bit is set on the /usr/bin/login binary.  This results in the
> system being susceptible to a manual (login) attack on user accounts
> (including root).  An attack can be initiated by any user with a shell.
> (Also, consider a system with no root password - my preferred)

Actually it won't allow root login, I just checked it (because it's not
run from a terminal marked secure in /etc/ttys I guess).
It allows you to log in as another, non-root user - much like su(1).
I can't see why it would be worse than su.

--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--

