"asroot" command (was: Enchancements to SCO UNIX C2 Security)
Tom Fitzgerald
fitz at wang.com
Thu Feb 28 03:06:49 AEST 1991
paulz at sco.COM (W. Paul Zola) writes:
> The supplement name is "The SCO UNIX System V/386 Release 3.2 Security
> Supplement", and the SLS number is unx257. This SLS is availible
> for anonymous UUCP via sosco, and through the usual support channels.
[...]
> The utility, asroot(ADM) that allows an authorized user to run a defined
> set of commands as superuser without the root password.
One warning to people who install this thing - commands like "asroot" (and
"sudo", a PD version of the same thing) are substantial security holes.
Personally I've had great luck penetrating root on any system where these
tools are installed. Not because they're holes themselves, but because
user accounts are usually much easier to break into than the root account,
and these tools give you a free ride from the user's account into root.
"rm asroot" is strongly recommended.
---
Tom Fitzgerald Wang Labs fitz at wang.com
1-508-967-5278 Lowell MA, USA ...!uunet!wang!fitz
More information about the Comp.unix.sysv386
mailing list