su modifications posted to net.sources

jdb at mordor.UUCP jdb at mordor.UUCP
Fri Feb 6 02:22:09 AEST 1987


In general, you do NOT want "su" to search an "/etc/su_people".
Having such a file multiplies the number of accounts which must
be secured against intrusion.  It is difficult enough to protect
one account (root).  With N entries in "/etc/su_people" there are
(effectively) N root accounts which can be attacked.  It is much
harder to protect N passwords, N accounts' files, etc. than it is
to protect a single root password and the system directories.

[If you're using NFS, such a change is suicidal.  NFS as distributed
from Sun [even in release 3.2] can be compromised to allow a local
user to read/write any non-root-only file (on an exported filesystem).
It is easy to create a mode 4755 file owned by anyone (except
root), which can be used to get a shell running under any user-id
(bad enough), which can be used to get a root shell via a
permissive "su".]
-- 
  John Bruner (S-1 Project, Lawrence Livermore National Laboratory)
  MILNET: jdb at mordor.s1.gov		(415) 422-0758
  UUCP: ...!ucbvax!decwrl!mordor!jdb 	...!seismo!mordor!jdb



More information about the Comp.unix.questions mailing list