su modifications posted to net.sources
dce at mips.UUCP
dce at mips.UUCP
Sat Feb 7 07:04:05 AEST 1987
In article <1599 at mordor.s1.gov> jdb at mordor.UUCP (John Bruner) writes:
>In general, you do NOT want "su" to search an "/etc/su_people".
>Having such a file multiplies the number of accounts which must
>be secured against intrusion. It is difficult enough to protect
>one account (root). With N entries in "/etc/su_people" there are
>(effectively) N root accounts which can be attacked. It is much
>harder to protect N passwords, N accounts' files, etc. than it is
>to protect a single root password and the system directories.
>
I agree that these modifications can be quite dangerous, and I tried
to point this out in the changes to the manual page.
On the other hand, there are people that are going to want this (try
convincing the people here that this command should not exist, and
you'll see what I mean). A lot of the hassles we solve by using
"ssu" should be solveable by using groups, but it has been felt
that trying to implement groups at this time would not be worth
the trouble.
In any environment other than a software development environment, free
root access is very bad. On the other hand, many of our customers
are software developers.
One thing you must admit, though, is that these modifications are
a lot more manageable than the setuid shell script that says:
#!/bin/sh
${SHELL-"/bin/sh"}
or the setuid C program that checks a list of userid numbers and
executes a shell. At least there is some semblance of "safety".
I would like to thank you for pointing out the problem with NFS,
and this information will certainly be found in our NFS release.
--
David Elliott
UUCP: {decvax,ucbvax,ihnp4}!decwrl!mips!dce, DDD: 408-720-1700
More information about the Comp.unix.questions
mailing list