Reasons for restricting su privilege?
Chris Calabrese[rs]
cjc at ulysses.homer.nj.att.com
Fri Oct 21 22:34:27 AEST 1988
In article <3185 at tekcrl.CRL.TEK.COM>, eirik at tekcrl.TEK.COM (Eirik Fuller) writes:
> In article <25003 at tut.cis.ohio-state.edu> karl at dinosaur.cis.ohio-state.edu (Karl Kleinpaste) writes:
> ) Personally, I advocate a menu-driven setuid-root program which allows
> ) ...
>
> Yeah, sure, but what if this spiffy menu contraption allows its luser
> to make new accounts? "Gee, maybe I'll make an account with uid 0,
> and put /bin/csh as its shell, and leave the password off until
> someone comes along and puts one in, and see what happens ..."
> ...
I did one of these menu things when I was in school. The way
I solved these types of problems was:
You could add, modify, and delete lines in /etc/passwd,
but only using the supplied menu based editor, and
only for users with uid and gid >= 100.
You could su to any account with uid and gid >= 100.
You could view any file.
You could remove and file in /etc (and mabee /bin but
I don't remember that part to well).
File viewing and removing operations were done with
internal code so there were no leaks from possible
security holes in more, pg, cat, rm, etc.
All in all it worked pretty well (though the code is pretty
hackish compared to what I can do now :-).
If anyone wants source I can get it, though I'll have to
retrieve it from tape.
--
--------
Christopher J. Calabrese
AT&T Bell Laboratories
ulysses!cjc
More information about the Comp.unix.wizards
mailing list