From owner-freebsd-current Tue Nov 28 15:21:19 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id PAA15420 for current-outgoing; Tue, 28 Nov 1995 15:21:19 -0800 Received: from hub.org (hub.org [199.166.238.138]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id PAA15412 for ; Tue, 28 Nov 1995 15:21:11 -0800 Received: (from scrappy@localhost) by hub.org (8.7.1/8.7.1) id SAA15903; Tue, 28 Nov 1995 18:17:34 -0500 (EST) Date: Tue, 28 Nov 1995 18:17:26 -0500 (EST) From: "Marc G. Fournier" To: Terry Lambert cc: joerg_wunsch@uriah.heep.sax.de, freebsd-current@FreeBSD.ORG Subject: Re: schg flag on make world in -CURRENT In-Reply-To: <199511282137.OAA22135@phaeton.artisoft.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@FreeBSD.ORG Precedence: bulk On Tue, 28 Nov 1995, Terry Lambert wrote: > > > 1) Your user name must be in group "wheel" (in the file /etc/group). > > > > > > 2) Your pty must be marked "secure". > > > > Sheesh. You don't need a "secure" pty in order to su(8) on it! > > No? > > You should. OK. "su" is broken. > It is? Then it must be broken on almost any implementation of Unix I've ever looked at: BSDi, FreeBSD, SunOS, Solaris, AIX, SysV On all the machines that I setup, console is considered to be "unsecure", even as far down as single-user mode reboot. It doesn't add much, but it forces someone to first know which accounts are in group wheel (not hard if you already have an account on the system) and then hack into one of hte account in gorup wheel, and then hack into root itself. Now, what would be broken is if su didn't log failed attempts to get into root, and from which account tried to su... Marc G. Fournier | POP Mail Telnet Acct DNS Hosting scrappy@hub.org | WWW Services Database Services | Knowledge, soon to be: | | Information and scrappy@ki.net | WWW: http://hub.org | Communications, Inc