Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!sri-spam!mordor!lll-lcc!pyramid!prls!mips!dce
From: dce@mips.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions,comp.bugs.4bsd
Subject: Re: su modifications posted to net.sources
Message-ID: <167@quacky.mips.UUCP>
Date: Fri, 6-Feb-87 16:04:05 EST
Article-I.D.: quacky.167
Posted: Fri Feb  6 16:04:05 1987
Date-Received: Sun, 8-Feb-87 02:59:08 EST
References: <160@quacky.mips.UUCP> <1599@mordor.s1.gov>
Reply-To: dce@quacky.UUCP (David Elliott)
Organization: MIPS Computer Systems, Sunnyvale, CA
Lines: 39
Xref: watmath comp.unix.wizards:866 comp.unix.questions:952 comp.bugs.4bsd:175

In article <1599@mordor.s1.gov> jdb@mordor.UUCP (John Bruner) writes:
>In general, you do NOT want "su" to search an "/etc/su_people".
>Having such a file multiplies the number of accounts which must
>be secured against intrusion.  It is difficult enough to protect
>one account (root).  With N entries in "/etc/su_people" there are
>(effectively) N root accounts which can be attacked.  It is much
>harder to protect N passwords, N accounts' files, etc. than it is
>to protect a single root password and the system directories.
>

I agree that these modifications can be quite dangerous, and I tried
to point this out in the changes to the manual page.

On the other hand, there are people that are going to want this (try
convincing the people here that this command should not exist, and
you'll see what I mean). A lot of the hassles we solve by using
"ssu" should be solveable by using groups, but it has been felt
that trying to implement groups at this time would not be worth
the trouble.

In any environment other than a software development environment, free
root access is very bad. On the other hand, many of our customers
are software developers.

One thing you must admit, though, is that these modifications are
a lot more manageable than the setuid shell script that says:

	#!/bin/sh
	${SHELL-"/bin/sh"}

or the setuid C program that checks a list of userid numbers and
executes a shell. At least there is some semblance of "safety".

I would like to thank you for pointing out the problem with NFS,
and this information will certainly be found in our NFS release.
-- 
			David Elliott

UUCP: 	{decvax,ucbvax,ihnp4}!decwrl!mips!dce, DDD:  	408-720-1700