su(1) bug
Ning Zhang
unido!zgdvda!zhang at uunet.uu.net
Tue Apr 25 14:47:38 AEST 1989
On SunOS 3.5 and Ultrix (2.x and 3.0) systems here, su(1) still cannot
correctly track super-user log. On Ultrix, the follow shows su(1) tells
nothing about who has become a super-user or who has tried su(1) command
but failed.
su < /dev/tty
Then a message like "SU: /dev/tty" will be printed out on console, and
"SU: /dev/tty Wed Apr 5 12:25:40 1989" in /usr/adm/sulog. Any comments?
Perhaps, Ultrix's su(1), rexecd(8), rshd(8), etc. should do more checking.
On SunOS 3.5, I got "SU: (null) /dev/tty" on console.
Ning Zhang
PS: su "" < /dev/tty if there is a line "::0:0:::" in /etc/passwd!
More information about the Comp.sys.sun
mailing list