Path: utzoo!utgpu!cs.utexas.edu!sdd.hp.com!wuarchive!uunet!convex!newsadm
From: tchrist@convex.COM (Tom Christiansen)
Newsgroups: alt.sources.d
Subject: Re: another 'su encancer'
Message-ID: <1991Apr26.142736.21272@convex.com>
Date: 26 Apr 91 14:27:36 GMT
References:
Sender: newsadm@convex.com (news access account)
Reply-To: tchrist@convex.COM (Tom Christiansen)
Organization: CONVEX Software Development, Richardson, TX
Lines: 13
Nntp-Posting-Host: pixel.convex.com

From the keyboard of muts@fysak.fys.ruu.nl (Peter Mutsaers):
:Now that we are discussing a su encancer etc., here is a 'root' program that
:I've been using the last 1.5 year.
:The syntax is 'root command [args]' and runs one command with su privilege.
:It is quite safe, and checks if the uid is right. (only works for one user).

I think you guys are missing the point. Any command that grants
unrestricted privilege to even one user without confronting them
with a password is a security hole. All I have to do is be
that user, through Trojan horses, people absent from their
offices, TIOCSTI usurpation, etc.

--tom