Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!unirot!althea!rjd
From: rjd@althea.UUCP (Rob Diamond)
Newsgroups: comp.sys.att
Subject: Re: slide - a command to make you root
Message-ID: <225@althea.UUCP>
Date: Wed, 18-Nov-87 08:15:05 EST
Article-I.D.: althea.225
Posted: Wed Nov 18 08:15:05 1987
Date-Received: Sat, 21-Nov-87 04:48:58 EST
References: <223@althea.UUCP> <4309@sdcsvax.UCSD.EDU>
Organization: Terrapin Station - New Brunswick, NJ Annex
Lines: 30
Keywords: handy, time-saving, gaping security hole
Summary: You're right, but.....

In article <4309@sdcsvax.UCSD.EDU>, brian@sdcsvax.UCSD.EDU (Brian Kantor) writes:
> In article <223@althea.UUCP> rjd@althea.UUCP (Rob Diamond) writes:
> >This is slide, a little program I find very handy on the 3b1.  It allows
> >selected users to become root without prompting for a password.  You can
> >run slide with no arguments, in which case it invokes a shell ($SHELL) with
> >root permissions, or you can run it with arguments, in which case it runs
> >the arguments as a command line with root permissions.
> 
> Sigh.  And it's exactly the same as giving root a list of passwords
> instead of just one.  See, if any of the villains out there manages to
> get the password of any of the users who can execute this program to
> become root, then they too can become root.  And it's a trivial matter
> then to edit the password file, delete or change the root password,
> type rm -rf *, or any of those other wonderful things that villains do.

You're absolutely right.  This can very easily be abused. That is why I put
a warning on it.  However, on yer-average 3b1 (UNIX PC) system, there will
probably only be one user anyway.  It's just kinda nice to slide in and out
of root mode easily when you're doing adminstration-type-things.

Rob.






-- 
    Robert Diamond    |    UUCP:     ...!rutgers!unirot!althea!diamond
                      |    INTERNET: diamond@althea.rutgers.edu