From owner-freebsd-current Tue Nov 28 18:17:25 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id SAA00442
          for current-outgoing; Tue, 28 Nov 1995 18:17:25 -0800
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id SAA00435
          for ; Tue, 28 Nov 1995 18:17:18 -0800
Received: (from terry@localhost)
          by phaeton.artisoft.com (8.6.11/8.6.9) id TAA26584;
          Tue, 28 Nov 1995 19:10:38 -0700
From: Terry Lambert
Message-Id: <199511290210.TAA26584@phaeton.artisoft.com>
Subject: Re: schg flag on make world in -CURRENT
To: nate@rocky.sri.MT.net (Nate Williams)
Date: Tue, 28 Nov 1995 19:10:38 -0700 (MST)
Cc: terry@lambert.org, joerg_wunsch@uriah.heep.sax.de, freebsd-current@FreeBSD.org
In-Reply-To: <199511282344.QAA18335@rocky.sri.MT.net> from "Nate Williams" at Nov 28, 95 04:44:07 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1584
Sender: owner-current@FreeBSD.org
Precedence: bulk

> WHAT?!?  Terry, you're losing it.
>
> Do you understand what the 'secure' flag means?  It means that root is
> allowed to directly login via that tty/pty.  So, if you have folks who
> need to come in remotely in your scheme, you need to make *ALL* of your
> connections secure, which opens up a huge can of worms.

Only if they need to su to root after they come in.  What normal user
comes in from outside the firewall and su's anyway?

It's silly to type a root password over an insecure line.  That's the
point of not allowing it.  Even if the potential cracker types it right,
he types it wrong.

> The current behavior is a mix of usefulness plus security.  The cracker
> needs to break into an account which is in the 'wheel' group, and then
> they need to crack the root passwd w/out raising suspicions in the
> logfiles while every failed attempt to 'su' to root is logged to the
> screen, the logfile, and any user already su'd to root on the box.

Logfiles go away after your cracker is in, as do the console contents.
And since you can tell other users su'ed onto the machine (as well as
anyone else syslog feels free to bitch at) without arousing suspicions.

All your cracker has to do is watch the wire traffic to get your root
password, and use it, if you allow it to be used over the wire in the
first place.

Setting pty's secure is a silly thing to do in any situation unless,
as is allowing users to su from unsecure lines.

                                        Terry Lambert
                                        terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
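
The 'secure' flag argued over in this thread is set per line in /etc/ttys. As an added example (not part of the original message), this Python sketch parses ttys(5)-style entries and separates the pseudo-terminals that carry `secure` from local lines that do. The sample file is constructed, and treating type `network` or a `ttyp` name as a pty is an assumption based on the stock FreeBSD layout.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, terminal type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  on  insecure
ttyp0   none                            network secure
ttyp1   none                            network
ttyp2   none                            network off secure   # trailing comment
'''


def parse_ttys(text):
    """Yield (name, type, flags) per entry; comments and blank lines are skipped."""
    for raw in text.splitlines():
        # shlex keeps the quoted getty command as one field and drops '#' comments.
        fields = shlex.split(raw, comments=True)
        if len(fields) < 3:  # assumption: entries without a type field are ignored
            continue
        name, _getty, term_type, *flags = fields
        yield name, term_type, set(flags)


def is_pty(name, term_type):
    """Assumed heuristic: stock FreeBSD ptys are ttypN entries of type 'network'."""
    return term_type == "network" or name.startswith("ttyp")


def audit_secure_lines(text):
    """Split lines flagged 'secure' into network ptys and local terminals."""
    report = {"network": [], "local": []}
    for name, term_type, flags in parse_ttys(text):
        # Set membership is exact, so the 'insecure' keyword never matches.
        if "secure" in flags:
            key = "network" if is_pty(name, term_type) else "local"
            report[key].append(name)
    return report


if __name__ == "__main__":
    result = audit_secure_lines(SAMPLE_TTYS)
    for name in result["network"]:
        print(f"WARNING: {name} is a pty marked secure (direct root login allowed)")
    print("local secure lines:", ", ".join(result["local"]))
```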