> > By the same token, many people don't run /bin/login suid root. So in this
> > instance, you're just swapping one privileged program for another? Is
> > login better to have running as root than telnetd?
> >
>
> Yes, (I would argue) it's better to have login setuid than telnet
> (and rlogind, and whatever else) -- much better to have all the
> trusted authentication code in one place, and what more logical
> place than in login?

telnetd and rlogind are a little harder for users to break than /bin/login. consider /bin/login - users can mess with its arguments, its environment etc. (yea yea i know BlixIX 4.5.645.6 clears its environment but it's not the point). with telnetd/rlogind, you don't have control over invoking it so your options are more limited.

> >
> > Also what about changing ownership/permissions of your pty (on BSD based
> > pty systems) on login/logout, and writing wtmp records on logout?
> >
>
> The pty permission-setting mechanism on BSD based systems is
> absolutely *disgusting* (IMHO) from a security perspective.

very true

> Do you really trust your wtmp file?

ABSOLUTELY!!! Are you suggesting I should make it 666 or chown it to nobody so that an unprivileged telnetd can write to it? init(8) likes to write to wtmp too, let's make that run as nobody :-) Then I could really trust it! Oh and don't forget the pagedaemon :-) ps could run without privileges as well if we made /dev/kmem and /dev/drum (or whatever) 644... Now there's an improvement.

(Any ultrix people reading this? :-)

--
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk