Path: utzoo!utgpu!cs.utexas.edu!usc!rpi!uupsi!sunic!dkuug!diku!kimcm From: kimcm@diku.dk (Kim Christian Madsen) Newsgroups: alt.sources.d Subject: Re: another 'su encancer' Message-ID: <1991May4.165508.10057@odin.diku.dk> Date: 4 May 91 16:55:08 GMT References: <1991Apr26.142736.21272@convex.com> Sender: kimcm@rimfaxe.diku.dk Organization: Department of Computer Science, U of Copenhagen Lines: 37 tchrist@convex.COM (Tom Christiansen) writes: >I think you guys are missing the point. Any command that grants >unrestricted privilege to even one user without confronting them >with a password is a security hole. All I have to do is be that >user, through Trojan horses, people absent from their offices, >TIOCSTI usurpation, etc. Honestly I think that *you guys* are too touchy (-; It is alright to warn us that if you install a su(1) replacement that doesn't need a password to become another user - the integrity of the su'ed account is lowered to the level of security of the account which is allowed to use this password free su replacement! But at some installations, there are no outside links (neither network's or phone-links) and two or three people sharing the system-administration, and no real secrets from other users (just that the sysadm's doesn't want them to harm the system by mistake) and the sysadm's themeselves don't want to become root more often than required in order to minimalize their own mistakes. In such places the installation of a password-free su replacement is often a lesser evil, than having lazy sysadm's run to much in root-mode. Other scenario where a su replacement is almost harmless, is when you as the primary sysadm want's to have the priviledge of changing the passwords of system accounts without having to consult the secondary sysadm's. And if you can trust these fellow sysadm's to be just as strict with the security of their accounts as with the root account. Where does all this lead? Yes I am in favor of password free su replacements (I use one myself), since it adds to the level of internal security (me becoming root less time than with ordinary su, due to the ease and the command line options of the program), and the added awareness of my own account's integrity is a lesser evil! Regards Kim Chr. Madsen