mailing list archives
From: J.S.Peatfield () damtp cam ac uk (Jon Peatfield)
Date: Wed, 15 May 1996 21:37:00 BST
Just remove the setuid bit on /bin/login and this "problem" goes away.
(Assuming you have already fixed /etc/utmp,wtmp not to be world writable...)
Not a major security hole, just a bug in applications which trust utmp/wtmp.
- /bin/login Jon Peatfield (May 15)