Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!magnus.ircc.ohio-state.edu!tut.cis.ohio-state.edu!VAX1.CC.UAKRON.EDU!mcs.kent.edu!usenet.ins.cwru.edu!ncoast!allbery From: allbery@NCoast.ORG (Brandon S. Allbery KB8JRR) Newsgroups: comp.unix.sysv386 Subject: Re: "asroot" command (was: Enchancements to SCO UNIX C2 Security) Message-ID: <1991Mar3.001415.23748@NCoast.ORG> Date: 3 Mar 91 00:14:15 GMT References: <43@talgras.UUCP> <14791@scorn.sco.COM> Reply-To: allbery@ncoast.ORG (Brandon S. Allbery KB8JRR) Followup-To: comp.unix.sysv386 Organization: North Coast Public Access Un*x (ncoast) Lines: 27 As quoted from by fitz@wang.com (Tom Fitzgerald): +--------------- | paulz@sco.COM (W. Paul Zola) writes: | > The utility, asroot(ADM) that allows an authorized user to run a defined | > set of commands as superuser without the root password. | | One warning to people who install this thing - commands like "asroot" (and | "sudo", a PD version of the same thing) are substantial security holes. +--------------- Yes. I plan to wipe it off our systems after installing the update, just as a successfully campaigned to remove a similar command (homegrown) from ncoast. I can't justify its use against the security risk. There are more security holes in su, though (even in SCO UNIX) --- or, should I say, they aren't actually in su per se but can use su to be activated. The technique uses su -c, although under BSD one could use TIOCSTI to do it as well. The only fix for this is to run su always with an explicit pathname, preferably after moving it from /bin to somewhere else --- because the only other "fix" would completely gut the shell. ++Brandon -- Me: Brandon S. Allbery VHF/UHF: KB8JRR on 220, 2m, 440 Internet: allbery@NCoast.ORG Packet: KB8JRR @ WA8BXN America OnLine: KB8JRR AMPR: KB8JRR.AmPR.ORG [44.70.4.88] uunet!usenet.ins.cwru.edu!ncoast!allbery Delphi: ALLBERY