su Security
kimcm at olamb.UUCP
Sat Feb 14 00:24:07 AEST 1987
In article <4263 at brl-adm.ARPA>, rgenter at j.bbn.COM (Rick Genter) writes:
> A program to check a table of users to see if they are authorized to
> execute 'su' is of limited utility, if any. If a user has the root
> password and they are excluded from running 'su', there is nothing to
> prevent them from just running 'login' and logging in as the superuser.
> If you are going to modify 'su', you might as well modify 'login' as
> well, perhaps to ask a second password or to check from which terminal
> the login is being attempted (except that I believe System V already
> does this through the use of /etc/securetty?).
> - Rick
[1] If a user has the root password he can do what he wants to, including
putting himself on the list of allowed su users. But that's not the
point. A user in the su-allowed group doesn't have to know the root
password. There's nothing that prevents modifying the su program to
check the tty from where the su is attempted to see whether it is a
securetty; I believe that would even be a win. Thereby you'll prevent
super-user sessions from unwanted ttys such as dial-in lines etc.
[2] The System V approach (at least on my 3B computer) is even more
restrictive with root logins. No, it doesn't follow the BSD standard
with /etc/securetty, but has hardcoded into the login program that
root is only allowed to log in on the console. Too bad if you, like
me, don't have the source code; yes, you can make a new login program
that has all the "nasty" & nice features of BSD systems like
/etc/securetty, ~/.hushlogin, /etc/nologin etc...
Kindly Regards
Kim Chr. Madsen
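The tty check Kim proposes for su, as an added example in C that is not code from this thread: a modified su(1) would call current_tty_is_secure() before granting a super-user shell and refuse any terminal absent from /etc/securetty. The one-name-per-line file format and the skipping of blank and '#' lines are assumptions.

```c
/* Added example, not code from the thread. Assumed /etc/securetty format: one
 * tty name per line as under /dev ("console", "tty01"); blanks and '#' ignored. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Strip a leading "/dev/" so "/dev/tty01" compares equal to "tty01". */
static const char *tty_basename(const char *tty)
{
    const char *p = strrchr(tty, '/');
    return p ? p + 1 : tty;
}

/* Return 1 if tty is listed in the newline-separated securetty text, else 0.
 * Takes a buffer so the policy is testable without the real file; exact match only. */
int tty_in_securetty_list(const char *tty, const char *list)
{
    const char *name = tty_basename(tty);
    const char *p = list;
    char line[128];
    while (*p) {
        size_t n = strcspn(p, "\n");          /* length of this line */
        if (n < sizeof line) {
            memcpy(line, p, n);
            line[n] = '\0';
            while (n > 0 && strchr(" \t\r", line[n - 1]) != NULL)
                line[--n] = '\0';             /* trim trailing whitespace */
            if (n > 0 && line[0] != '#' && strcmp(line, name) == 0)
                return 1;
        }
        p += n;
        if (*p == '\n')
            p++;
    }
    return 0;
}

/* Return 1 if the caller's terminal is listed in path. Fails closed: no
 * controlling terminal or an unreadable file both mean "not secure". */
int current_tty_is_secure(const char *path)
{
    static char buf[4096];
    const char *tty = ttyname(STDIN_FILENO);  /* NULL when not interactive */
    FILE *fp = tty ? fopen(path, "r") : NULL;
    if (fp == NULL)
        return 0;
    buf[fread(buf, 1, sizeof buf - 1, fp)] = '\0';
    fclose(fp);
    return tty_in_securetty_list(tty, buf);
}
```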