Date: Wed, 27 Mar 2002 10:43:33 -0600 From: Damien Palmer <dpalmer@northwestern.edu> To: Andrew Kenneth Milton <akm@theinternet.com.au> Cc: security@FreeBSD.ORG Subject: Re: Question on su / possible hole Message-ID: <5.1.0.14.2.20020327103848.00acb498@casbah.it.northwestern.edu> In-Reply-To: <20020328003506.F40004@zeus.theinternet.com.au> References: <20020327142432.GB30556@wjv.com> <20020327140006.GA30556@wjv.com> <20020328000329.E40004@zeus.theinternet.com.au> <20020327142432.GB30556@wjv.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:35 AM 3/28/2002 +1000, Andrew Kenneth Milton wrote: >So remove world execute access from su, make an su-users group and chgrp >su with that group ? Since su already belongs to the wheel group, and we are trying to restrict su access to people in the wheel group, wouldn't it be simpler to just chmod the command, so only the owner and the group have executable permissions on it, and leave it in the wheel group? Or is there another reasoning behind creating a new group that I am not seeing? -Damien Palmer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20020327103848.00acb498>