another 'su encancer'

[Kee Hinckley]

In article <1991Apr26.142736.21272 at convex.com> tchrist at convex.COM (Tom Christiansen) writes:
>I think you guys are missing the point.  Any command that grants 
>unrestricted privilege to even one user without confronting them
>with a password is a security hole.  All I have to do is be that 
>user, through Trojan horses, people absent from their offices, 
>TIOCSTI usurpation, etc.  

What kind of places do you guys work anyway?  Does paranoia
really reign supreme?  The last place I worked had around 2000
workstations all on the same remote file system (none of this NFS
mount nonsense) and I'd say that 1 out of every 10 people (at the
least) had a command lying around so they could become root as
necessary.  Boom, instant access to over a terabyte of data.  Sure
it was possible to disable remote root access - but hardly anyone
did.  Besides which, most everything was at least _readable_ by
everybody.

Unauthorized root privileges aren't a security problem, they're
a social problem.
-- 
Alfalfa Software, Inc.          |       Poste:  The EMail for Unix
nazgul at alfalfa.com              |       Send Anything... Anywhere
617/646-7703 (voice/fax)        |       info at alfalfa.com

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.