Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!nrl-cmf!ames!sdcsvax!brian
From: brian@sdcsvax.UCSD.EDU (Brian Kantor)
Newsgroups: comp.sys.att
Subject: Re: slide - a command to make you root
Message-ID: <4309@sdcsvax.UCSD.EDU>
Date: Tue, 17-Nov-87 15:57:35 EST
Article-I.D.: sdcsvax.4309
Posted: Tue Nov 17 15:57:35 1987
Date-Received: Thu, 19-Nov-87 23:54:55 EST
References: <223@althea.UUCP>
Reply-To: brian@sdcsvax.UCSD.EDU (Brian Kantor)
Organization: UCSD wombat breeding society
Lines: 20
Keywords: handy, time-saving, gaping security hole

In article <223@althea.UUCP> rjd@althea.UUCP (Rob Diamond) writes:
>This is slide, a little program I find very handy on the 3b1.  It allows
>selected users to become root without prompting for a password.  You can
>run slide with no arguments, in which case it invokes a shell ($SHELL) with
>root permissions, or you can run it with arguments, in which case it runs
>the arguments as a command line with root permissions.

Sigh.  And it's exactly the same as giving root a list of passwords
instead of just one.  See, if any of the villains out there manages to
get the password of any of the users who can execute this program to
become root, then they too can become root.  And it's a trivial matter
then to edit the password file, delete or change the root password,
type rm -rf *, or any of those other wonderful things that villains do.

From one point of view, having just one user who can run this decreases the
security of your system by half.  Perhaps it's worth it to you somehow.

	Brian Kantor	UCSD Office of Academic Computing
			Academic Network Operations Group  
			UCSD B-028, La Jolla, CA 92093 USA