su bug in Ultrix 4.1 still there

Scott Merrilees Sm at cerberus.bhpese.oz.au
Wed Dec 12 13:43:24 AEST 1990


mjr at hussar.dco.dec.com (Marcus J. Ranum) writes:
>	I see the idea of 'su' and ENHANCED security as mutually exclusive,
>to tell you the truth. If you are running under ENHANCED mode, you should
>be serious enough about security not to want anyone rooting around on the
>machine as "root" unless they log in as "root" on a secure tty (in this case,
>*the* secure tty).

It seems that your ideas and mine are totally opposed.  I think that
log in as root should be avoided in just about all cases, and that the
privileged user should first log into their own account, then su to
root where necessary.  This provides much better tracking of root
access than having someone log into root to do something, which leaves
you with the problem: Who was it? Programmer A or B or C?

If you are logged into a workstation, and need to do something, and
you have the root password, then you should be able to su, and do it,
and su will even write a nice audit record for you.

Sm
-- 
Scott Merrilees, BHP Information Technology, Newcastle, Australia
Internet: Sm at bhpese.oz.au                    Phone: +61 49 402132


