Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!brl-adm!adm!baccala@USNA.arpa
From: baccala@USNA.arpa
Newsgroups: comp.unix.wizards
Subject: Re: su modifications posted to net.sources
Message-ID: <4308@brl-adm.ARPA>
Date: Fri, 6-Feb-87 22:01:33 EST
Article-I.D.: brl-adm.4308
Posted: Fri Feb 6 22:01:33 1987
Date-Received: Sun, 8-Feb-87 03:58:36 EST
Sender: news@brl-adm.ARPA
Lines: 18

I take objection to being able to su without a password. I feel that NO ONE should be able to su without a password.

The reason is simple - most people have .rhosts. Root can't, and shouldn't. If root is cracked on machine A, and hacker B on machine C shares rhosts with A and is an su_person on C, the villains have root on C.

No network is *really* secure, and the best way to ensure security is through people - the guy on the other end of that line has to know the password no matter WHO he says he is.

Disclaimer: I'm a fanatic when it comes to security.

- BRENT W. BACCALA -
Computer Aided Design/Interactive Graphics
U.S. Naval Academy
Annapolis, MD