>>>>> "Darren" == Darren Reed <avalon @
Darren> Much has been said about what should and shouldn't run on bastion
Darren> hosts, and that they shouldn't be trusted by anyone, so, how
Darren> plausible is it to remove the setuid and setgid bits on _every_
Darren> executable/directory/normal file on one? Will local mail fail
Darren> (/bin/mail needs setuid-root)?

Don't remove setUID on /bin/login, for example.

Could someone with more detailed information explain why this is,
though? In the "classic" configuration, init launches getty which
then launches login. I'm looking at SunOS, one of the few platforms
we have around here which doesn't use XDM, and I see getty on the
console running as root. When it launches login, it's still going to
be root, even if login isn't setUID. In the rlogin environment,
in.rlogind runs as root, so when it launches login, it's still root.
Similarly for telnet, wherein in.telnetd runs as root. So why does
login need setUID?

I'm not interested in trying it, I'm just curious to understand.

INET: Mark-Ludwig @
COM NIC: ML255 ICBM: USA; Lower Left Coast
"Cigarettes ... are not a drug."
-- Tom Lorea from the Tobacco Institute