Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Mar 2002 02:48:27 +1000
From:      Andrew Kenneth Milton <akm@theinternet.com.au>
To:        Damien Palmer <dpalmer@northwestern.edu>
Cc:        Andrew Kenneth Milton <akm@theinternet.com.au>, security@FreeBSD.ORG
Subject:   Re: Question on su / possible hole
Message-ID:  <20020328024827.I40004@zeus.theinternet.com.au>
In-Reply-To: <5.1.0.14.2.20020327103848.00acb498@casbah.it.northwestern.edu>; from dpalmer@northwestern.edu on Wed, Mar 27, 2002 at 10:43:33AM -0600
References:  <20020327142432.GB30556@wjv.com> <20020327140006.GA30556@wjv.com> <20020328000329.E40004@zeus.theinternet.com.au> <20020327142432.GB30556@wjv.com> <20020328003506.F40004@zeus.theinternet.com.au> <5.1.0.14.2.20020327103848.00acb498@casbah.it.northwestern.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
+-------[ Damien Palmer ]----------------------
| At 12:35 AM 3/28/2002 +1000, Andrew Kenneth Milton wrote:
| >So remove world execute access from su, make an su-users group and chgrp
| >su with that group ?
| 
| Since su already belongs to the wheel group, and we are trying to restrict 
| su access to people in the wheel group, wouldn't it be simpler to just 
| chmod the command, so only the owner and the group have executable 
| permissions on it, and leave it in the wheel group?  Or is there another 
| reasoning behind creating a new group that I am not seeing?

Neatness?

-- 
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au| 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328024827.I40004>