Re: Question on su / possible hole

From: Andrew Kenneth Milton (akm@theinternet.com.au)
Date: 03/27/02


Date: Thu, 28 Mar 2002 00:35:06 +1000
From: Andrew Kenneth Milton <akm@theinternet.com.au>
To: Bill Vermillion <bv@wjv.com>


+-------[ Bill Vermillion ]----------------------
| On Thu, Mar 28, 2002 at 12:03:29AM +1000, Andrew Kenneth Milton thus spoke:
| > +-------[ Bill Vermillion ]----------------------
| > |
| > | However I have found that if non-wheel-group user can su to a
| > | user who has wheel privileges - then the non-wheel user can su to
| > | root.
|
| > So they can simply login as the user with wheel access and circumvent
| > any further checking anyway. They'd need the password after all.
|
| They do need the password of course. But if you expand the wheel
| concept to the point that you can only become root if you are a
| named user in this group - IOW a trusted user - then the system
| would be more secure.

So remove world execute access from su, make an su-users group and chgrp
su with that group?

I think you have the tools you need to do what you want d8)

-- 
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au| 
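
The suggestion above, as an added example that is not part of the original message: a POSIX sh check that an su binary is setuid, owned by the chosen group and not world-executable, together with the change itself. The group name su-users comes from the message; the function names and the stand-in file are assumptions, and the demo uses the caller's primary group in place of su-users so it runs without root.

```shell
#!/bin/sh
# Added example. check_su FILE GROUP returns 0 when FILE is setuid and
# group-executable, belongs to GROUP, and is not executable by "other".
check_su() {
    f=$1; grp=$2; rc=0
    [ -f "$f" ] || { echo "$f: not a regular file"; return 2; }
    if [ -n "$(find "$f" -prune -perm -0001)" ]; then
        echo "$f: world-executable, any local user can run it"; rc=1
    fi
    if [ -z "$(find "$f" -prune -group "$grp" 2>/dev/null)" ]; then
        echo "$f: group is not $grp"; rc=1
    fi
    if [ -z "$(find "$f" -prune -perm -4010)" ]; then
        echo "$f: setuid or group-execute bit missing"; rc=1
    fi
    return "$rc"
}

# restrict_su FILE GROUP applies the layout from the message. chgrp runs
# first because some kernels (Linux among them) clear the setuid bit
# when ownership changes.
restrict_su() {
    chgrp "$2" "$1" && chmod u+s,g+x,o-x "$1"
}

# Demo on a constructed stand-in file, never the real su. The caller's
# primary group stands in for su-users so no root access is needed.
demo() {
    dir=$(mktemp -d) || return 2
    grp=$(id -gn)
    printf '#!/bin/sh\n' > "$dir/su"
    chmod 4755 "$dir/su"            # setuid and world-executable
    before=0; check_su "$dir/su" "$grp" >/dev/null || before=$?
    restrict_su "$dir/su" "$grp"
    after=0; check_su "$dir/su" "$grp" || after=$?
    rm -rf "$dir"
    echo "before=$before after=$after"
}
demo
```

On a real system, restrict_su would be run as root against the su binary once the group exists and the trusted users are in it, with check_su confirming the result.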