Re: Strange command histories in hacked shell history

From: Elvedin Trnjanin (mnsan11_at_earthlink.net)
Date: 12/18/04

Next message: Bill Vermillion: "Re: Strange command histories in hacked shell history"

Previous message: Richard Kojedzinszky: "re: Strange command histories in hacked shell server"
In reply to: Bill Vermillion: "Re: Strange command histories in hacked shell history"
Next in thread: Bill Vermillion: "Re: Strange command histories in hacked shell history"
Reply: Bill Vermillion: "Re: Strange command histories in hacked shell history"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 17 Dec 2004 20:11:10 -0600
To: bv@wjv.com

Bill Vermillion wrote:

>
>Can anyone explain why su does not use the UID from the login
>instead of the EUID ? It strikes me as a security hole, but I'm no
>security expert so explanations either way would be welcomed.
>
>Bill
>
>
>
>
Because su does exactly what is says. From the manual -

DESCRIPTION

*su* requests the password for /login/ and switches to that user and group ID
after obtaining proper authentication.

Just for fun, here's an little snippet from the sudo manual -

DESCRIPTION

*sudo* allows a permitted user to execute a /command/ as the superuser
or another user, as specified in the /sudoers/ file. The real and
effective uid and gid are set to match those of the target user as
specified in the passwd file and the group vector is initialized based
on blah blah blah...

-- 
---
----
http://www.ods.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Bill Vermillion: "Re: Strange command histories in hacked shell history"

Previous message: Richard Kojedzinszky: "re: Strange command histories in hacked shell server"
In reply to: Bill Vermillion: "Re: Strange command histories in hacked shell history"
Next in thread: Bill Vermillion: "Re: Strange command histories in hacked shell history"
Reply: Bill Vermillion: "Re: Strange command histories in hacked shell history"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: New Security Features, Please Comment
... as I am very new to kernel hacking and would like to solve this ... performance vs security problem once and for all. ... UID remains constant unless you intentionally did a setuidcall. ... precaution, and even if a process manages to get its uid/gid changed, ...
(Linux-Kernel)
Re: netbios vuln
... > finally is it just the author of the article (who is not a security ... <<blah, blah, blah>> ... network protocols and services on thoses OSes such that, by default, ... nearly every such machine with an Internet connection will be ...
(Incidents)
Re: [1/1][PATCH] nproc v2: netlink access to /proc information
... > access controls myself. ... credentials (beyond the existing uid, cap information), since the LSM ... patches for adding security fields and hooks for managing skb security ... sender pid, uid, and cap, and the security module can look up the pid if ...
(Linux-Kernel)
Re: What server hardening are you doing these days?
... I just took it as another droll "blah, blah, blah, Microsoft security sucks, ... operating systems with NT is either wanton, ...
(Focus-Microsoft)
RE: hfs ishell owner field blank
... Your problem is due to you not having a userid in your security database ... assigned with that UID, but that user is no longer in the security ... hfs ishell owner field blank ...
(bit.listserv.ibm-main)