another 'su enhancer'
Tom Christiansen
tchrist at convex.COM
Sat Apr 27 00:27:36 AEST 1991
From the keyboard of muts at fysak.fys.ruu.nl (Peter Mutsaers):
:Now that we are discussing a su enhancer etc., here is a 'root' program that
:I've been using for the last 1.5 years.
:The syntax is 'root command [args]' and runs one command with su privilege.
:It is quite safe, and checks if the uid is right. (only works for one user).
I think you guys are missing the point. Any command that grants
unrestricted privilege to even one user without confronting them
with a password is a security hole. All I have to do is be that
user, through Trojan horses, people absent from their offices,
TIOCSTI usurpation, etc.
--tom