security of Interactive powerdown login
Eric Gisin
eric at femto.mks.com
Tue Nov 13 05:14:35 AEST 1990
In article <1990Nov10.132459.10900 at virtech.uucp> cpcahil at virtech.uucp (Conor P. Cahill) writes:
> In article <1990Nov9.212510.9086 at mks.com> eric at mks.com (Eric Gisin) writes:
>> If you want a more secure password-less powerdown userid
>> and you have Interactive 2.2, you can change the shell for powerdown
>> to /usr/admin/powerdown and add the following lines to the top of
>> the /usr/admin/powerdown shell script:
> NEVER NEVER NEVER have a root account without a password. There are too
> many chances for it to be exploited.
> Look at what could happen:
> cpcahil(virtech,61): id
> uid=100(cpcahil) gid=7(opadmin)
> cpcahil(virtech,63): su powerdown
> # id
> uid=0(root) gid=0(root)
Oops, I meant to give a two-part fix. First, change /usr/admin/powerdown
into an executable shell script that sets a secure PATH and IFS.
But I forgot the second part: change the shell in /etc/passwd from
/bin/rsh to /usr/admin/powerdown. This avoids the "su powerdown" problem.
There is still the issue of allowing users to run a shell script as root,
either through password-less root accounts or setuid shell scripts.
Is it considered a bad idea even for simple shell scripts?
Is setting a secure PATH/IFS and being careful with eval and `...` enough?
More information about the Comp.unix.sysv386 mailing list
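As an added illustration of the two-part fix and of the "su powerdown" problem Conor shows (example code written for this page, not from either poster or from Interactive 2.2): a login-shell wrapper for the password-less powerdown account that resets PATH and IFS before any command lookup, refuses the "-c cmd" argument that "su -c" would hand a login shell, and is contrasted with a naive wrapper that trusts the inherited PATH. The path /usr/admin/powerdown is the one named in the thread; the planted fake "uname" (a stand-in for the real shutdown command, since the demonstration must not need root) and the demo harness are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original posts or from Interactive 2.2.
# Models a /usr/admin/powerdown login-shell wrapper for a password-less
# root account and shows why the inherited environment must be discarded.
# "uname -s" stands in for the real shutdown command (assumption), so the
# demonstration runs as an ordinary user.

# Naive wrapper: inherits the caller's PATH, so "su powerdown" run by a user
# who put a hostile "uname" first on PATH executes that file as root.
naive_powerdown() {
    uname -s
}

# Hardened wrapper.  Installed as /usr/admin/powerdown and named as the
# account's shell in /etc/passwd (the thread's second step), it runs on every
# login or "su powerdown" instead of /bin/rsh.
hardened_powerdown() {
    # Step 1: a known-good environment before any command lookup happens.
    PATH=/usr/bin:/bin:/usr/sbin:/sbin
    IFS=$(printf ' \t\nx'); IFS=${IFS%x}   # space, tab, newline; the x keeps
                                            # $(...) from stripping the newline
    export PATH IFS
    unset ENV BASH_ENV CDPATH   # startup files and search paths a caller could plant
    umask 077

    # Step 2: a login shell receives no arguments; "su -c CMD powerdown"
    # would arrive here as "-c CMD".  Refuse rather than interpret them.
    if [ "$#" -ne 0 ]; then
        echo "powerdown: arguments not accepted" >&2
        return 2
    fi

    # Step 3: no eval, no backticks over caller data, and the real tool
    # should be named by absolute path.  With PATH reset above, this lookup
    # can no longer be redirected by the caller.
    uname -s
}

# Demonstration harness (constructed input): plant a fake "uname" first on
# PATH, as a local user could before running "su powerdown", then run both
# wrappers from that environment.  Prints one "label:result" line per case.
# Each wrapper runs inside $(...), so its PATH/IFS changes do not leak out.
demo_attack() {
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho PWNED\n' > "$tmp/uname"
    chmod 755 "$tmp/uname"

    echo "naive:$(PATH="$tmp:$PATH"; naive_powerdown)"
    echo "hardened:$(PATH="$tmp:$PATH"; hardened_powerdown)"
    echo "args:$(PATH="$tmp:$PATH"
                 if hardened_powerdown -c 'echo INJECTED' 2>/dev/null; then
                     echo rc=0
                 else
                     echo "rc=$?"
                 fi)"

    rm -rf "$tmp"
}

demo_attack
```

The first line shows the naive wrapper running the planted file; the second shows the hardened one reaching the real command; the third shows the argument check rejecting an injected "-c" command with status 2. Note that this only answers the PATH/IFS and argument questions raised in the thread: the wrapper must still be the shell recorded in /etc/passwd, or "su powerdown" lands in /bin/rsh exactly as in Conor's transcript.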