Date: Tue, 28 Nov 1995 18:17:26 -0500 (EST) From: "Marc G. Fournier" <scrappy@hub.org> To: Terry Lambert <terry@lambert.org> Cc: joerg_wunsch@uriah.heep.sax.de, freebsd-current@FreeBSD.ORG Subject: Re: schg flag on make world in -CURRENT Message-ID: <Pine.BSF.3.91.951128181419.15747A-100000@hub.org> In-Reply-To: <199511282137.OAA22135@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Nov 1995, Terry Lambert wrote: > > > 1) Your user name must be in group "wheel" (in the file /etc/group). > > > > > > 2) Your pty must be marked "secure". > > > > Sheesh. You don't need a "secure" pty in order to su(8) on it! > > No? > > You should. OK. "su" is broken. > It is? Then it must be broken on almost any implementation of Unix I've ever looked at: BSDi, FreeBSD, SunOS, Solaris, AIX, SysV On all the machines that I setup, console is considered to be "unsecure", even as far down as single-user mode reboot. It doesn't add much, but it forces someone to first know which accounts are in group wheel (not hard if you already have an account on the system) and then hack into one of hte account in gorup wheel, and then hack into root itself. Now, what would be broken is if su didn't log failed attempts to get into root, and from which account tried to su... Marc G. Fournier | POP Mail Telnet Acct DNS Hosting scrappy@hub.org | WWW Services Database Services | Knowledge, soon to be: | | Information and scrappy@ki.net | WWW: http://hub.org | Communications, Inc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.951128181419.15747A-100000>