Path: utzoo!utgpu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!wuarchive!uunet!bu.edu!nntp-read!jc
From: jc@raven.bu.edu (James Cameron)
Newsgroups: alt.sources.d
Subject: Re: sux, an enhancer for su
Message-ID:
Date: 25 Apr 91 19:15:13 GMT
References: <130392@uunet.UU.NET> <1991Apr25.142159.6826@convex.com> <462@frcs.UUCP> <7WYA.A2@xds13.ferranti.com> <130394@uunet.UU.NET>
Sender: news@bu.edu.bu.edu
Organization: What do you mean 'That *can't* be done????'
Lines: 31
In-reply-to: kyle@uunet.uu.net's message of 25 Apr 91 17:31:26 GMT

>>>>> On 25 Apr 91 17:31:26 GMT, kyle@uunet.uu.net (Kyle Jones) said:

Kyle> Tom Christiansen writes:
> And this is a feature??? If there are users who can become root
> without a password, then it's MUCH easier to subvert the
> system.

Kyle> I think we're talking around each other. Most people understand
Kyle> the decrease in security. What you gain is ease of use and
Kyle> safety. Using a root shell is like using a table saw without the
Kyle> guard plate. Make it easy for people to become root when they
Kyle> need to, and they're less likely to run as root when they don't
Kyle> need to. This is what the command is supposed to offer. As for
Kyle> the consequences, well, there are always tradeoffs.

Wait, since when is typing an 8 character password time consuming or
difficult?? *I* certainly don't want to worry that if I suddenly
have to leave the room for a brief second, that someone is going to
type sux and have access to root privs.

I find this to simply be a MAJOR security risk.

jc

--
-- James Cameron (jc@raven.bu.edu)
Signal Processing and Interpretation Lab. Boston, Mass (617) 353-2879
------------------------------------------------------------------------------
"But to risk we must, for the greatest hazard in life is to risk nothing. For
the man or woman who risks nothing, has nothing, does nothing, is nothing."
(Quote from the eulogy for the late Christa McAuliffe.)