Why you shouldn't chmod 500 /bin/login
Andrew Klossner
andrew at orca.UUCP
Mon Nov 19 19:08:07 AEST 1984
[No white space here. Better luck next time, news eater bug]
"Make /bin/login mode 500 owned by root and it will fail on
exec, usually causing /etc/init to fork another copy of itself
and the new user to thus get a fresh copy of /bin/login for
normal login, or (perhaps with parentheses) an error message
from the shell. This mode also makes realistic login
simulators (of the sort that want to collect your password)
harder to write, since they can't just exec /bin/login
afterwards and leave the user no wiser."
The big win of the builtin shell "login" command is that it logs me out
and lets you log in without hanging up the modem line. If you chmod
500 /bin/login, then the line will drop when exec("/bin/login") fails.
Inconvenient.
-- Andrew Klossner (decvax!tektronix!orca!andrew) [UUCP]
(orca!andrew.tektronix at csnet-relay) [ARPA]
More information about the Comp.unix.wizards
mailing list