login bug? Fix?

[Cathey, Jim]

>Another one - is it a problem that our login does not setsid?
>Wouldn't it make it susceptible to attacks from processes
>in its process group or session? Those processes
>are "untrusted" since potentially they are run by non-root.

We have noticed no problems, but are not Unix experts.
My own experience predates setsid(), anyway!  (SVR2 and
its workalike, Dnix.)

I would guess that following the lead of big-brother login
would be a fairly safe choice at this point.

Our own deployed environment won't even allow root logins,
nor any other account than the special ones we create, except
in special debugging builds.  You normally never get a regular
shell, only our custom app.  So I guess that we aren't too
worried about this point.  Not right now, anyway.

--
vda