Re: why is /bin/login suid root on some systems?
From: Casper H.S. Dik (Casper.Dik@Sun.COM)Date: 08/28/02
- Next message: Barry Margolin: "Re: Doubts in shellcode !?"
- Previous message: srt@nospam.unt.edu: "Re: Doubts in shellcode !?"
- In reply to: Ralf Fassel: "Re: why is /bin/login suid root on some systems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Casper H.S. Dik <Casper.Dik@Sun.COM> Date: 28 Aug 2002 17:06:46 GMT
Ralf Fassel <ralfixx@gmx.de> writes:
>* Barry Margolin <barmar@genuity.net>
>| The builtin checks whether it's being run from a login shell, and
>| reports an error if not. If you execute /bin/login directly, on
>| Solaris 2.6 it checks whether there's a utmpx entry for the current
>| tty; if there isn't, it assumes you're not in a login shell.
>|
>| I don't think early versions had all these checks; they become more
>| necessary with the advent of window systems.
>Just being curious: why would it be necessary to check for a login
>shell before exec login? Any security related issues? Or just that
>`who' does report the wrong things?
Some stuff depends on getlogin(); I remember sending mail after doing
login in a subshell "(login friend)" and logging back out; the mail
still had my friend's name as "from" address.
Casper
-- Expressed in this posting are my opinions. They are in no way related to opinions held by my employer, Sun Microsystems. Statements on Sun products included here are not gospel and may be fiction rather than truth.
- Next message: Barry Margolin: "Re: Doubts in shellcode !?"
- Previous message: srt@nospam.unt.edu: "Re: Doubts in shellcode !?"
- In reply to: Ralf Fassel: "Re: why is /bin/login suid root on some systems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
