Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!spool.mu.edu!uunet!mcsun!unido!unibi.uni-bielefeld.de!techfak.uni-bielefeld.de!malte
From: malte@techfak.uni-bielefeld.de (Malte Uhl)
Newsgroups: comp.unix.admin
Subject: Re: Running random user programs as ROOT?!
Message-ID: <1991Jun26.101612.13057@unibi.uni-bielefeld.de>
Date: 26 Jun 91 10:16:12 GMT
Article-I.D.: unibi.1991Jun26.101612.13057
References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu> <70@pyuxf.UUCP> <1991Jun21.233414.10848@gpu.utcs.utoronto.ca> <867@minya.UUCP>
Sender: @unibi.uni-bielefeld.de
Organization: Universitaet Bielefeld, Technische Fakultaet.
Lines: 21
Nntp-Posting-Host: dahlie.techfak.uni-bielefeld.de

|> BTW, this isn't purely hypothetical.  I recently added a dumb terminal
|> to  this (Sys/VR3) system so that when X shoots itself in the foot and
|> goes zombie on me, I have a back door to do something short of pushing
|> the  reset  button.   But what I can do there is very limited, because
|> when I type "su" it just says "Sorry", without even asking  me  for  a
|> password.   TFM  hasn't  helped  at  all  to  explain  why  su  is  so
|> recalcitrant.  I've done what any hacker would do  -  written  my  own
|> version of su. Now I find that, according to the above, it is horribly
|> broken.  I'd like to know how to make it less so.  How do I do that?

1. You can get your "real" real user ID in the same way as 
	who am i
   does by reading /etc/utmp and /var/amd/wtmp.
   The record there says as who you once logged in and is therefor inde-
   pendent from your real or effective ID.

2. Su will tell you it's sorry if you try to login (su -) as root at an
   unsecure terminal.


Malte