su Security
arosen at ulowell.UUCP
Thu Feb 19 08:58:51 AEST 1987
>[1] If a user has the root password he can do what he wants to...
> There's nothing that prevents modifying the su program to
> check the tty from where the su is attempted to see whether it is a
> securetty...
An unauthorized user with the root password can do nothing if:
1: Root logins are restricted to the console. (This, of course, assumes
the console is physically protected from unauthorized users).
2: SU has been modified to allow only certain users to 'su root'.
The user needs the root password and a way to get a root shell. If these
two restrictions are put on a system, it won't let him in anywhere even
with the password.
UUCP : wanginst!ulowell!arosen
USnail: Andy Rosen
ULowell, Box #3031
Lowell, Ma 01854
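
Added example (not part of the original message and not code from any real su): a sketch of the su-side decision discussed in this thread, combining the quoted suggestion of testing the calling tty against a securetty list with restriction 2's list of users allowed to 'su root'. The function names, the in-memory list format and the sample contents are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` is an exact line in the newline-separated `list`.
   Comment lines starting with '#' never match; a prefix of an entry never matches. */
static int line_listed(const char *list, const char *name)
{
    size_t want = strlen(name);
    const char *p = list;
    if (want == 0)
        return 0;
    while (*p) {
        size_t len = strcspn(p, "\n");
        if (p[0] != '#' && len == want && memcmp(p, name, len) == 0)
            return 1;
        p += len;
        if (*p == '\n')
            p++;
    }
    return 0;
}

/* Hypothetical policy check: a correct root password alone is not enough.
   The caller must be on the allowed-user list AND on a listed secure tty. */
int su_root_permitted(const char *user, const char *tty,
                      const char *su_users, const char *securetty,
                      int password_ok)
{
    if (!password_ok)
        return 0;
    if (user == NULL || tty == NULL)    /* no identifiable caller or terminal: deny */
        return 0;
    if (strncmp(tty, "/dev/", 5) == 0)  /* ttyname() returns e.g. "/dev/console" */
        tty += 5;
    return line_listed(su_users, user) && line_listed(securetty, tty);
}

/* Constructed sample data, not taken from any real system. */
static const char SAMPLE_SECURETTY[] = "# secure terminals\nconsole\n";
static const char SAMPLE_SU_USERS[] = "alice\nbob\n";

int main(void)
{
    printf("alice on console:  %d\n", su_root_permitted("alice", "/dev/console",
           SAMPLE_SU_USERS, SAMPLE_SECURETTY, 1));
    printf("mallory on ttyp3:  %d\n", su_root_permitted("mallory", "/dev/ttyp3",
           SAMPLE_SU_USERS, SAMPLE_SECURETTY, 1));
    return 0;
}
```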