SunOS and shared libraries, security aspects
Guy Harris
guy at auspex.auspex.com
Tue Sep 4 04:38:57 AEST 1990
>> Excuse me, but I don't understand how login (su, rsh, rlogin) would be
>> able to change your uid without using setuid(3) which is documented as
>> needing superuser status:
>
>It can't. All it can do without privileges is log you in as yourself
>again, and not even that on some systems. As I said in the triple-quoted
>comments, login should only run as root if it's run from a controlled
>(root) daemon: this is necessary for security.
Yup, and as for the other commands:
1) "rsh" and "rlogin" use super-user privileges to get "privileged"
ports, not to change your uid; "rshd" and "rlogind", the
daemons, are the ones that change the UID, and they're not
set-UID;
2) "su", however, *does* need to be setuid in order to be
useful, but also passes environment variables through....
More information about the Comp.unix.internals
mailing list