Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: Solaris 2.3 login

Re: Solaris 2.3 login

David Barr (barrpop.psu.edu)
Sun, 14 Aug 1994 19:36:40 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Art Schoenstadt: "Re: bugtraq-digest V1 #13"
Previous message: Marc W. Mengel: "Re: Solaris 2.3 login"
Maybe in reply to: Jas: "Solaris 2.3 login"

In message <9408131143.AA04455iridium>, "Christopher A. Stewart" writes:
>abit..) Actually what it turns out to be is a process where the ruid
>!= euid the system won't dump core for it.. So if the Solaris login is
>dumping core when someone envokes in on the command line, it must be
>doing a setuid(0) early in the code.. I wonder why? 

Since login is invoked by root, it's not a security problem.  (at least
not in the usual sense of suid programs dumping core)  The problem of
login dumping core would be there even if login were not suid root.
(and in many installations it isn't)  When login gets invoked in normal
logins (from getty, etc), ruid = euid.

--Dave

Next message: Art Schoenstadt: "Re: bugtraq-digest V1 #13"
Previous message: Marc W. Mengel: "Re: Solaris 2.3 login"
Maybe in reply to: Jas: "Solaris 2.3 login"