Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!seismo!rochester!ritcv!rocksvax!rocksanne!sunybcs!loverso
From: loverso@sunybcs.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: su Security
Message-ID: <2265@sunybcs.UUCP>
Date: Sun, 8-Feb-87 03:21:33 EST
Article-I.D.: sunybcs.2265
Posted: Sun Feb 8 03:21:33 1987
Date-Received: Mon, 9-Feb-87 03:45:44 EST
References: <4193@brl-adm.ARPA>
Sender: nobody@sunybcs.UUCP
Reply-To: loverso@gloria.UUCP (John Robert LoVerso)
Organization: SUNY/Buffalo Computer Science
Lines: 49

In article <4193@brl-adm.ARPA> barba@ALMSA-1.arpa (Barbara Archambault) writes:
> Need some help. I would like to develop a c program which will check an
> authorization table of users PRIOR to execution of the 'su' command.
>
> Ideally this program will allow the user to logon as usual, however, if
> the user keys in the 'su' command (root privileges) the userid will be
> checked against a table of authorized users. Should the userid be invalid,
> the system will respond with a "sorry, not authorized" type of response and
> either exit from the system or bring the user back to a $ prompt. If
> the userid is valid the program continues and executes the 'su' program.

We've got a locally developed program called "sudo" that does just this.
It was posted to net.sources sometime last summer, I believe. It reads a
permission file of who's allowed to execute what, and logs all successful
and failed commands (in separate logs). An example sudoers file:

    coggs all
    colonel all
    forys all
    howlett all
    kensmith all
    loverso all
    operator PATH=/etc:/usr/ucb:/bin:/usr/local/bin dump inetd kill lpc lprm netwall restore rdump renice rrestore shutdown wall /etc/dump /etc/inetd /etc/restore
    phillips all
    soon /bin/passwd
    sue all
    tim all

sudo does various checking with path variables and explicit paths. "all"
means the user is allowed to execute anything.

As our local version stands, if you are in the sudoers file, then once
logged in you can sudo at will. This opens *some* possible security holes
with insecure hosts. UC/Boulder runs a hacked version which asks for your
passwd upon your first sudo command, and then you can sudo at-will until a
time limit of no sudo'd commands is reached (default=5 mins), after which
your next sudo will reprompt for your passwd. This handles some problems
(like leaving terminals unattended), but adds others.

sunybcs!sue and sunybcs!tim will fill mail requests for the source. If
demand warrants, it could be sent to mod.sources.

John
--
John Robert LoVerso @ SUNY/Buffalo Computer Science (716-636-3190)
LoVerso@Buffalo.EDU -or- ..!{nike,watmath,allegra,decvax}!sunybcs!loverso
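The authorization check described in the post, as an added example that is not part of the original article and not the sunybcs sudo source: it tests one line of the sudoers format shown above against a requested command. The matching rules for `PATH=` and bare command names are assumptions, since the post only says that sudo checks path variables and explicit paths; `sudoers_allows` and `tok_eq` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define WS " \t\n"

/* Added example. Assumed rules (the post does not spell them out):
 *   "all" allows anything; "/full/path" must match exactly; a bare name
 *   is allowed only as <dir>/<name> for a <dir> in the entry's PATH= list. */

/* 1 if the n-byte token at t equals the string s */
static int tok_eq(const char *t, size_t n, const char *s)
{
    return strlen(s) == n && memcmp(t, s, n) == 0;
}

/* Returns 1 if `user` may run the absolute path `cmd` under `line`, else 0. */
int sudoers_allows(const char *line, const char *user, const char *cmd)
{
    const char *p = line + strspn(line, WS), *path = NULL;
    size_t n = strcspn(p, WS), pathlen = 0;
    char cand[256];

    if (cmd[0] != '/' || !tok_eq(p, n, user))
        return 0;             /* relative command, or another user's entry */

    for (p += n; ; p += n) {
        p += strspn(p, WS);
        n = strcspn(p, WS);
        if (n == 0) break;    /* end of line */
        if (tok_eq(p, n, "all"))
            return 1;
        if (n > 5 && memcmp(p, "PATH=", 5) == 0) {
            path = p + 5;     /* directories used to resolve bare names */
            pathlen = n - 5;
        } else if (p[0] == '/') {
            if (tok_eq(p, n, cmd))
                return 1;     /* explicit path: exact match only */
        } else {
            for (size_t i = 0, d; i < pathlen; i += d + 1) {
                for (d = 0; i + d < pathlen && path[i + d] != ':'; d++)
                    ;
                int len = snprintf(cand, sizeof cand, "%.*s/%.*s",
                                   (int)d, path + i, (int)n, p);
                if (d > 0 && len > 0 && (size_t)len < sizeof cand &&
                    strcmp(cand, cmd) == 0)
                    return 1; /* bare name found in an allowed directory */
            }
        }
    }
    return 0;                 /* default deny */
}
```

A caller would resolve the requested command to an absolute path first, then run this over each line of the permission file and log the decision either way, as the post describes.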