Bug#350040: [Pkg-shadow-devel] Bug#350040: acknowledged by developer (Bug definitely not a bug)

Tomasz Kłoczko kloczek at zie.pg.gda.pl
Sat Mar 4 16:12:38 UTC 2006

On Fri, 03-03-2006, at 16:35 -0500, Jeffrey Sheinberg
> Debian Bug Tracking System writes:
>  > After investigation and advice from the shadow maintenance team and
>  > the upstream author, it has been concluded, mostly to Tomasz Kloczko
>  > that this bug is not to be considered a bug.
>  > 
>  > Gaining root access should be made with su or sudo in these days where
>  > login is PAMified.
> Hi,
> Please re-open this *bug*.
> I do not agree with your conclusion because long standing
> functional behavior is being arbitrarily removed.

Look at the login(1) man page. There is no information about this
functionality. It was removed so as not to duplicate some functionality. This
allows removing one suid root (from login).
Yes, I know that login from, for example, Solaris allows this behavior, and
login(1) from util-linux has:

	login  is  used  when signing onto a system.  It can also be
	used to switch from one user to another at any time (most
	modern shells have support for this feature built into them,

but in this case this has been untrue for a long time (~since the time when
login was rewritten to use PAM).

> Note that I work from an xterm using an alternate root (uid=0)
> login.

A point which disallows comparing login and xterm: xterm does not perform
authentication but login does.

The authentication procedure usually described in /etc/pam.d/login in
practice disallows use of this program from a non-root user account (especially
when run from ttys not listed in /etc/securetty).
Using suid root login and these rules from a non-root account is orthogonal.
Before making login suid root you must change /etc/pam.d/login.

> Using sudo as an alternative is out of the question.
> Using su is possible, but it can be easily detected when su is
> invoked with the --login option.  So, is this a bug in su?

Sorry, but describe precisely what is, in your opinion, the bug in the case of su?
I do not understand what you are talking about.

>  And I don't yet know what other infelicities will be detected using su.
> I just want the prior *reasonable* and *well known* behavior of
> login to be restored.  

Probably the best way will be to try using .. a time machine to go back ~10 years
:)
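
The reply above ties together three pieces of state: whether login is setuid, what the PAM stack in /etc/pam.d/login contains, and which ttys /etc/securetty lists. The following audit script is an added example, not part of the thread or of the shadow package; its function names are hypothetical, it assumes the securetty check appears in the PAM file as the `pam_securetty.so` module, and the files built in `demo` are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the state of the three things
# the message connects: the setuid bit on login, the PAM stack for login,
# and /etc/securetty. File paths are arguments so copies can be audited.

# Print the owner uid if FILE has the setuid bit; return 1 otherwise.
suid_owner() {
    [ -u "$1" ] || return 1
    ls -lnL -- "$1" | awk '{ print $3 }'
}

# Succeed if an active (uncommented) auth line loads pam_securetty.
pam_uses_securetty() {
    grep -Eq '^[[:space:]]*-?auth[[:space:]].*pam_securetty\.so' "$1"
}

# Succeed if TTY (name without /dev/) is listed; '#' starts a comment.
tty_is_listed() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" | grep -Fxq -- "$2"
}

# audit_login LOGIN_BIN PAM_FILE SECURETTY TTY -> one key=value line.
audit_login() {
    tty=${4#/dev/}
    if ! owner=$(suid_owner "$1"); then
        echo "setuid=no"
        return 0
    fi
    pam=no; listed=no
    if pam_uses_securetty "$2"; then pam=yes; fi
    if tty_is_listed "$3" "$tty"; then listed=yes; fi
    echo "setuid=yes owner=$owner pam_securetty=$pam tty_listed=$listed"
}

# Constructed sample files (not real system state) for an offline run.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/login"; chmod 4755 "$d/login"
    printf 'auth requisite pam_securetty.so\nauth required pam_unix.so\n' > "$d/pam_login"
    printf '# constructed\nconsole\ntty1\n' > "$d/securetty"
    audit_login "$d/login" "$d/pam_login" "$d/securetty" /dev/pts/3
    rm -rf "$d"
}

if [ "$#" -eq 4 ]; then audit_login "$@"; else demo; fi
```

Run with four arguments (login binary, PAM file, securetty file, tty) to audit real files; with no arguments it runs against the constructed samples.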

