Path: utzoo!utgpu!cs.utexas.edu!sdd.hp.com!decwrl!pa.dec.com!jrdzzz.jrd.dec.com!tkou02.enet.dec.com!jit533!diamond
From: diamond@jit533.swstokyo.dec.com (Norman Diamond)
Newsgroups: alt.sources.d
Subject: Re: sux, an enhancer for su
Message-ID: <1991Apr26.023646.17071@tkou02.enet.dec.com>
Date: 26 Apr 91 02:36:46 GMT
References: <130392@uunet.UU.NET> <1991Apr25.142159.6826@convex.com> <462@frcs.UUCP> <7WYA.A2@xds13.ferranti.com> <130394@uunet.UU.NET>
Sender: usenet@tkou02.enet.dec.com (USENET News System)
Reply-To: diamond@jit533.enet@tkou02.enet.dec.com (Norman Diamond)
Organization: Digital Equipment Corporation Japan , Tokyo
Lines: 17

In article <130394@uunet.UU.NET> kyle@uunet.uu.net (Kyle Jones) writes:
>Tom Christiansen writes:
> > And this is a feature???  If there are users who can become root
> > without a password, then it's MUCH easier to subvert the
> > system.
>
>I think we're talking around each other.  Most people understand
>the decrease in security.  What you gain is ease of use and safety.

Yeah OK.  Then users in group "wheel" should also be allowed to use
the "passwd" command to set their new passwords without first typing
their old ones.  After all, they can get there via "sux".  Only
mortal users should have their legitimacy verified.
( :-S sarcasm)
--
Norman Diamond       diamond@tkov50.enet.dec.com
If this were the company's opinion, I wouldn't be allowed to post it.