su modifications posted to net.sources
jdb at mordor.UUCP
jdb at mordor.UUCP
Fri Feb 6 02:22:09 AEST 1987
In general, you do NOT want "su" to search an "/etc/su_people".
Having such a file multiplies the number of accounts which must
be secured against intrusion. It is difficult enough to protect
one account (root). With N entries in "/etc/su_people" there are
(effectively) N root accounts which can be attacked. It is much
harder to protect N passwords, N accounts' files, etc. than it is
to protect a single root password and the system directories.
[If you're using NFS, such a change is suicidal. NFS as distributed
from Sun [even in release 3.2] can be compromised to allow a local
user to read/write any non-root-only file (on an exported filesystem).
It is easy to create a mode 4755 file owned by anyone (except
root), which can be used to get a shell running under any user-id
(bad enough), which can be used to get a root shell via a
permissive "su".]
--
John Bruner (S-1 Project, Lawrence Livermore National Laboratory)
MILNET: jdb at mordor.s1.gov (415) 422-0758
UUCP: ...!ucbvax!decwrl!mordor!jdb ...!seismo!mordor!jdb
More information about the Comp.unix.questions
mailing list