Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!ames!oliveb!sun!gorodish!guy
From: guy@gorodish.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: su Security
Message-ID: <12818@sun.uucp>
Date: Fri, 6-Feb-87 02:30:41 EST
Article-I.D.: sun.12818
Posted: Fri Feb  6 02:30:41 1987
Date-Received: Sat, 7-Feb-87 17:42:29 EST
References: <4263@brl-adm.ARPA>
Sender: news@sun.uucp
Reply-To: guy@sun.UUCP (Guy Harris)
Organization: Sun Microsystems, Mountain View
Lines: 20

>A program to check a table of users to see if they are authorized to
>execute 'su' is of limited utility, if any.  If a user has the root
>password and they are excluded from running 'su', there is nothing to
>prevent them from just running 'login' and logging in as the superuser.

Actually, there is something to prevent them from doing that; give
them a ".login" or ".profile" that blows a raspberry and exits.  Of
course, if you have an "su" that supports an option that says "run
the new shell as a login shell", this won't work.

>If you are going to modify 'su', you might as well modify 'login' as
>well, perhaps to ask a second password or to check from which terminal
>the login is being attempted (except that I believe System V already
>does this through the use of /etc/securetty?).

4.2BSD does, 4.3BSD uses "/etc/ttys" instead, System V doesn't.  S5's
"login", at least in S5R3, is built with an option that only allows
root logins on "/dev/console".  4.3BSD's "login" also will call
"syslog" to log a message indicating that somebody has logged in as
the super-user.