Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!ames!ucbcad!ucbvax!hplabs!hp-pcd!hpcvc0!hpcvcd!charles
From: charles@hpcvcd.UUCP
Newsgroups: comp.sources.d
Subject: Re: Another kind of su program (source)
Message-ID: <4310001@hpcvcd.HP>
Date: Sun, 8-Feb-87 21:20:20 EST
Article-I.D.: hpcvcd.4310001
Posted: Sun Feb 8 21:20:20 1987
Date-Received: Wed, 11-Feb-87 07:15:51 EST
References: <608@vu-vlsi.UUCP>
Organization: Hewlett-Packard Co., Corvallis, Oregon
Lines: 58

>> Both of these programs (performing password-free su) seem dangerous
>> to me- if one of the authorized users were to accidentally leave themselves
>> logged on, anyone could come along and su from their terminal.
>
>Short reply:
>Yes a password-free su (PWFSU) is dangerous.
>So is typing the root password all the time.
>I feel that the security trade-off is a wash,
>and PWFSUs win because they are more convenient.

At this site we have a program called su2 which requires the user to
type his OWN password. He never knows the root password, but can still
get access to that power occasionally. Naturally, su2 only allows
authorized users to become superuser.

Some advantages to this are that the real superuser can change the root
password as often as he likes. He can remove users from the su2 list
without asking their permission and without changing the root password.
He also does not need to know their passwords.

----------------------------------------------
I did not write su2. Sorry, I can not post it.
----------------------------------------------

>Long reply:
>This weakness occurs on all normal UN*X systems anyway.
>Anyone can come along and install a trojan horse 'su',
>in the authorized user's bin, which steals the root password.

Wrong. I am not even a superuser and I don't allow anything that weak on
my path. All common commands are in protected directories, and are early
in my PATH. I have two unprotected directories on my PATH, and they are
at the end of it. One of them is ".", and I am sometimes tempted to
remove it altogether.

I know many people put "." first on their PATH. This is like hanging a
"Kick Me" sign on your back. I am tempted to put a program called "ls" in
one of my directories. The program would do nothing but make it look like
it had caused them damage.

>There are lots of other ways to exploit a logged-in terminal.
>There is always "find / -exec rm -f {} ';'", just to be malicious.

"rm -rf /" is shorter.

>> it makes the knowledge of an authorized sus/slide user's password
>> equivalent to knowing the root password.

Alas, this is a problem.

>Or just do what we do -- threaten our users with bodily harm
>if they exploit security weaknesses. Works great.
> Tom ("just kidding") Truscott
>----------

I know of someone unknowingly running the equivalent of "rm -rf /users/*".

Charles Brown
hplabs!hp-pcd!charles
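The PATH rule Charles describes (protected directories first, "." and any other unprotected directory last, if at all) written up as an added shell check; this is not part of the original post. It assumes only POSIX sh, ls and cut, and it treats a non-absolute or nonexistent entry as unprotected as well, since whoever controls that name controls the lookup.

```shell
#!/bin/sh
# Added example, not from the post. Walk a PATH string entry by entry and
# report: entries that are "" or "." or otherwise relative (the "Kick Me"
# sign), entries that do not exist, entries that are world-writable, and
# any protected directory that is searched AFTER an unprotected one
# (a lookup for "su" or "ls" would hit the unprotected directory first).
# Prints one finding per line; returns 0 when nothing was found.
audit_path() {
    rest="${1:-$PATH}:"   # trailing ":" so the final entry is processed
    findings=0
    seen_weak=0
    pos=0
    while [ -n "$rest" ]; do
        d="${rest%%:*}"
        rest="${rest#*:}"
        pos=$((pos + 1))
        weak=0
        case "$d" in
            /*) ;;                                   # absolute, check below
            *)  echo "entry $pos: relative or empty entry '$d' (current directory)"
                weak=1 ;;
        esac
        if [ "$weak" -eq 0 ] && [ ! -d "$d" ]; then
            echo "entry $pos: $d does not exist"
            weak=1
        # ls -L follows a symlinked directory (e.g. /bin -> usr/bin);
        # column 9 of the mode string is the other-write bit.
        elif [ "$weak" -eq 0 ] && [ "$(ls -ldL "$d" | cut -c9)" = "w" ]; then
            echo "entry $pos: $d is world-writable"
            weak=1
        fi
        if [ "$weak" -eq 1 ]; then
            findings=$((findings + 1))
            seen_weak=1
        elif [ "$seen_weak" -eq 1 ]; then
            echo "entry $pos: protected $d is searched after an unprotected entry"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Number of findings for a PATH string (convenience wrapper).
audit_path_count() {
    audit_path "$1" | wc -l | tr -d ' '
}
```

Run `audit_path` with no argument to audit the current shell's PATH.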