sux, an enhancer for su
Lael
lael at triton.unm.edu
Fri Apr 26 16:13:15 AEST 1991
In article <1991Apr25.174534.13912 at ux1.cso.uiuc.edu> peltz at cerl.uiuc.edu (Steve Peltz) writes:
>In article <462 at frcs.UUCP> paul at frcs.UUCP (Paul Nash) writes:
>>I recently hacked up a fairly trivial enhancer for `su', that allows
>>members of group `wheel' to su at will _without_ needing the root
>>password.
>
>su on our system requires the real uid to be root to avoid being asked for
>a password, so your program won't work. However, in those cases where it
>WILL work, wouldn't the following one-line shell script do just as well?
>Maybe there's a reason; maybe the "groups" command is Sun specific or
>something...
>
>Don't forget to change it to be owned by root and setuid and executable...
(rest of post deleted)
If you do this, you are making a big mistake, and opening up a root-sized
security hole. Probably not a very good idea. (never never never EVER
EVER make a shell script setuid anyone, especially root)
More information about the Alt.sources
mailing list