su bug in Ultrix 4.1 still there

Barry Margolin barmar at think.com
Wed Dec 12 09:00:13 AEST 1990


In article <1990Dec11.045743.27648 at decuac.dec.com> mjr at hussar.dco.dec.com (Marcus J. Ranum) writes:
>	I see the idea of 'su' and ENHANCED security as mutually exclusive,
>to tell you the truth. If you are running under ENHANCED mode, you should
>be serious enough about security not to want anyone rooting around on the
>machine as "root" unless they log in as "root" on a secure tty (in this case,
>*the* secure tty).

You're missing the point.  He would like to limit use of "root" to *the*
secure tty, which is the workstation's console.  However, when using a
window system, the console device is taken over, and all the ttys on the
console are implemented using pseudo ttys.  However, pseudo ttys are also
used by the servers for telnet and rlogin.  There's no way to distinguish
the two uses in configuring the security parameters; either tty[p-w]* are
marked secure or they aren't.

Furthermore, it's not even good enough to distinguish terminal emulator
windows from remote logins.  With X windows, terminal windows may be
displayed on remote terminals.  You only want terminal windows displaying
on the console to be considered secure.

--
Barry Margolin, Thinking Machines Corp.

barmar at think.com
{uunet,harvard}!think!barmar


