On Wed, Nov 28, 2018 at 09:51:10AM -0500, JP wrote:
> The suid bit is set on the /usr/bin/login binary. This results in the
> system being susceptible to a manual (login) attack on user accounts
> (including root). An attack can be initiated by any user with a shell.
> (Also, consider a system with no root password - my preferred)
Actually it won't allow root login, I just checked it (because it's not
run from a terminal marked secure in /etc/ttys I guess).
It allows you to login as another, non-root user - much like su(1).
I can't see why it would be worse than su.
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 ans d'experience feront toujours la difference
--