tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: unsafe file permissions on /usr/bin/login



and why does a user need to use login from their command line?

On Wed, Nov 28, 2018 at 12:34 PM Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
On Wed, Nov 28, 2018 at 12:27:39PM -0500, JP wrote:
> OK, well I have root with physical access to the box.

Yes, exactly the same way to can log in as root from the login prompt,
as getty calls /usr/bin/login ...

> What is the reason for it being suid?

So that users can actually use it, I guess ...

--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--


Home | Main Index | Thread Index | Old Index