> We don't run login set-uid and have done so for quite some time.
> You need to make sure that login checks the return values of setuid()
> though, or you'll have surprising effects. Login is usually started
> by root (from getty, ttymon, telnetd, rlogind, etc) and only seldom
> by normal users (login command in all shells).
>
> We have not noticed any adverse side effect of this change, the positive
> effects are:
>   - one less set-uid program
>   - impossible to remove your remote host entry from utmp/wtmp
>   - impossible to hide who you are with:
>       (login user) [subshell] followed by logout.

The same benefits/effects could be gotten by running login suid but only
allowing certain users (i.e. the telnetd) to run it. On systems with ACLs,
like HPUX, this is trivial to do.

> Casper
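
Added example, not part of the original thread and not code from any real login: a sketch of the return-value checks the quoted message asks for when a root-started login switches to the user. The names drop_to() and ids_match() are hypothetical, and the target ids in main() are constructed demo input.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 0 only if real and effective ids equal the target. */
int ids_match(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

/* Hypothetical helper: switch to uid/gid, failing closed on any error.
 * Order matters: groups first, uid last, because once the uid is
 * dropped the process can no longer change its groups. */
int drop_to(uid_t uid, gid_t gid)
{
    /* Only a privileged caller may reset the supplementary group list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;        /* e.g. EPERM or EAGAIN */
    /* Do not rely on the return values alone: confirm the new ids
     * and confirm that root cannot be regained. */
    if (ids_match(uid, gid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed demo input: "prog UID GID", defaulting to our own ids. */
    uid_t uid = argc > 2 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : getgid();

    if (drop_to(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;                           /* never start a shell here */
    }
    printf("running as uid=%lu gid=%lu\n",
           (unsigned long)getuid(), (unsigned long)getgid());
    return 0;
}
```

Run as an ordinary user with another user's ids as arguments, the program exits with status 1 instead of continuing under the caller's identity.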