Re: Strange command histories in hacked shell history

From: Rudolf Polzer (divzero_at_gmail.com)
Date: 12/18/04

    To: muc-lists-freebsd-security@moderators.muc.de
    Date: 18 Dec 2004 10:45:06 GMT
    
    

    »Bill Vermillion« <bv@wjv.com> wrote:
    > But if a person who is not in wheel su's to a user who is in wheel,
    > then they can su to root - as the system sees them as the other
    > user. This means that the 'wheel' security really is nothing more
    > than a 2 password method to get to root.

    It is exactly that.

    > If the EUID of the original invoker is checked, even if they su'ed
    > to a person in wheel, then they should not be able to su to root.

    No, since the EUID is also changed on su.

    > I'm asking why is this permitted, or alternatively why is putting a
    > user in the wheel group supposed to make things secure, when in
    > reality it just makes it seem more secure - as there is only one
    > more password to crack.

    Well, if su could not su from a non-wheel user to a wheel user, the user would
    just ssh to localhost instead, for example.

    -- 
              / --- Where bots rampage, I'm there to take them down! --- \
             / ------ Where trouble arises, I'm there to cause it! ------ \
             \ Where an enemy tries to frag me, victory will be mine!!!1! /
    {{dup[exch{dup exec}fork =}loop}dup exec      >> http://www.ccc-offenbach.org <<
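
Added example (not part of the original message or thread): a small shell check that lists the accounts counting as wheel members, since per the exchange above the password of any one of them is the first of the two passwords on the way to root. It assumes su treats both listed members of `wheel` and accounts whose primary GID is wheel's GID as members, and that a shell ending in `nologin` or `false` means no interactive login; the function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# List accounts that count as wheel members, with whether they have a login shell.
# Usage: wheel_accounts [group-file] [passwd-file]
wheel_accounts() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    awk -F: '
        # First file (group): remember the GID and listed members of wheel.
        FNR == NR {
            if ($1 == "wheel") {
                wheel_gid = $3
                n = split($4, names, ",")
                for (i = 1; i <= n; i++) if (names[i] != "") member[names[i]] = 1
            }
            next
        }
        # Second file (passwd): skip comments and malformed lines.
        /^#/ || NF < 7 { next }
        # Assumption: listed members and primary-GID members both count.
        ($1 in member) || (wheel_gid != "" && $4 == wheel_gid) {
            # Assumption: nologin/false as shell means no interactive login.
            kind = ($7 ~ /(nologin|false)$/) ? "nologin" : "login"
            printf "%s\t%s\n", $1, kind
        }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample data (not from any real host) so the check runs offline.
wheel_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed group file' 'wheel:*:0:root,alice' \
        'staff:*:20:bob' > "$d/group"
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'daemon:*:1:1:System processes:/root:/usr/sbin/nologin' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
        'bob:*:1002:20:Bob:/home/bob:/bin/sh' \
        'backup:*:1003:0:Backup job:/nonexistent:/usr/sbin/nologin' > "$d/passwd"
    wheel_accounts "$d/group" "$d/passwd"
    rm -rf "$d"
}
```

Run `wheel_accounts` with no arguments to check the local `/etc/group` and `/etc/passwd`; every account reported as `login` should have a password at least as strong as root's.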
    
