Re: Strange command histories in hacked shell history
From: Ed Stover (estover_at_nativenerds.com)
To: Elvedin Trnjanin <email@example.com>, firstname.lastname@example.org
Date: Sat, 18 Dec 2004 00:14:39 -0700
I like the idea of being able to allow certain users the ability to
utilize one privileged task while not granting that user the ability to
really do damage on a system. And yes, I believe that a user will exist
in wheel when he/she/it has the knowledge and skills needed for
accountability. Yes (I sense it coming), I also believe that properly
utilizing the user and group functions on a FreeBSD machine is really
the way it should be done, but what fun can be had without bells,
whistles and nifty programs that do the thinking for us? Personally I
don't trust too many to be in my wheel and my favorite practice is
# chflags schg files
bash-3.00$ sudo echo "woohooIhavekeysforjustrestartingfaileddaemons"| wall &&rm -rf /etc && dd if=/dev/zero of=/var/testfile bs=1024
bash-3.00# su -l root
bash-3.00# echo "woohooIhavekeysforeverything"|wall &&rm -rf /etc && dd if=/dev/zero of=/var/testfile bs=1024 count=99999999&
On Fri, 2004-12-17 at 22:13 -0600, Elvedin Trnjanin wrote:
> Bill Vermillion wrote:
> > I understand that after using Unix for about 2 decades.
> >However in FreeBSD a user is supposed to be in the wheel group [if
> >it exists] to be able to su to root.
> >But if a person who is not in wheel su's to a user who is in wheel,
> >then they can su to root - as the system sees them as the other
> >This means that the 'wheel' security really is nothing more
> >than a 2 password method to get to root.
> Precisely. If you don't like this then the way around is to only allow
> certain group access to su and none for everyone else.
> >If the EUID of the original invoker is checked, even if they su'ed
> >to a person in wheel, then they should not be able to su to root.
> >I'm asking why is this permitted, or alternatively why is putting a
> >user in the wheel group supposed to make things secure, when in
> >reality it just makes it seem more secure - as there is only one
> >more password to crack.
> One more password to crack is more time, which means a better chance of
> catching the cracker in the act. Although I don't know exactly why the
> authors of su did it the way they did, my first and best guess
> would be convenience. The two password method is better than a new
> session each time you want to get to root. Second best guess would be
> that they didn't figure out that issue or at least didn't think much of it.
> Elvedin Trnjanin
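The "two passwords to root" path Bill describes (non-wheel user su's to a wheel member, then to root) is visible in the su log trail, which is the "catching the cracker in the act" angle Elvedin raises. The following is an added example, not code from anyone in this thread: it walks constructed log lines modelled on FreeBSD su(1) syslog messages ("<from> to <to> on <tty>", with "BAD SU" for failures) and flags every successful su to root whose tty session began with a user outside an assumed wheel set.

```python
import re

# Constructed sample lines in the style of FreeBSD's su(1) syslog messages;
# the hostname, users, ttys and times are invented for this example.
SAMPLE_LOG = """\
Dec 18 00:10:01 bsdbox su: alice to bob on /dev/ttyp0
Dec 18 00:10:20 bsdbox su: bob to root on /dev/ttyp0
Dec 18 00:11:02 bsdbox su: carol to root on /dev/ttyp1
Dec 18 00:12:15 bsdbox su: BAD SU dave to root on /dev/ttyp2
Dec 18 00:13:40 bsdbox su: dave to carol on /dev/ttyp2
Dec 18 00:13:55 bsdbox su: carol to root on /dev/ttyp2
"""

# Assumed wheel membership for the sample; on a real host read it from /etc/group.
WHEEL = {"bob", "carol"}

SU_RE = re.compile(r"su: (?P<bad>BAD SU )?(?P<src>\S+) to (?P<dst>\S+) on (?P<tty>\S+)$")

def parse_su_line(line):
    """Return (ok, src, dst, tty) for an su log line, or None if it is not one."""
    m = SU_RE.search(line)
    if not m:
        return None
    return (m.group("bad") is None, m.group("src"), m.group("dst"), m.group("tty"))

def find_chained_root_su(log_text, wheel):
    """Flag each successful su to root whose tty session started from a login
    user outside wheel, i.e. root reached by hopping through a wheel member.
    Returns a list of (tty, origin_user, chain_of_users)."""
    chains = {}      # tty -> users seen so far, starting with the original login user
    findings = []
    for line in log_text.splitlines():
        parsed = parse_su_line(line)
        if parsed is None:
            continue
        ok, src, dst, tty = parsed
        if not ok:
            continue     # failed attempt: no privilege change, nothing to chain
        chain = chains.get(tty)
        # su exits are not logged, so if the source does not match the last
        # hop we assume the user dropped back and start a fresh chain at src.
        if chain is None or chain[-1] != src:
            chain = [src]
        chain = chain + [dst]
        chains[tty] = chain
        if dst == "root" and chain[0] not in wheel:
            findings.append((tty, chain[0], chain))
    return findings

if __name__ == "__main__":
    for tty, origin, chain in find_chained_root_su(SAMPLE_LOG, WHEEL):
        print(f"{tty}: root reached by non-wheel user {origin} via {' -> '.join(chain)}")
```

Running it on the sample reports the alice -> bob -> root hop on ttyp0 and the dave -> carol -> root hop on ttyp2, while carol's direct su on ttyp1 is not flagged.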