From owner-freebsd-current Tue Nov 28 19:01:09 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id TAA03267 for current-outgoing; Tue, 28 Nov 1995 19:01:09 -0800 Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.20.4]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA03258 for ; Tue, 28 Nov 1995 19:01:04 -0800 Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id UAA13600; Tue, 28 Nov 1995 20:47:56 -0600 From: Joe Greco Message-Id: <199511290247.UAA13600@brasil.moneng.mei.com> Subject: Re: schg flag on make world in -CURRENT To: jkh@time.cdrom.com (Jordan K. Hubbard) Date: Tue, 28 Nov 1995 20:47:56 -0600 (CST) Cc: terry@lambert.org, joerg_wunsch@uriah.heep.sax.de, freebsd-current@FreeBSD.ORG In-Reply-To: <2748.817605372@time.cdrom.com> from "Jordan K. Hubbard" at Nov 28, 95 04:36:12 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-current@FreeBSD.ORG Precedence: bulk > Yeah, and you don't need a note from your mother either. I would > therefore like to join Terry in demanding that su be disabled until > the requisite scanner support (with authentication) be added directly > into the kernel. > > > > > 1) Your user name must be in group "wheel" (in the file /etc/group > ). > > > > > > > > 2) Your pty must be marked "secure". > > > > > > Sheesh. You don't need a "secure" pty in order to su(8) on it! > > > > No? > > > > You should. OK. "su" is broken. Very funny Jordan. Terry, I don't think su is broken. Think about su in an environment where you: (1) are in an xterm (2) telnetted in via encrypted telnet (3) etc. Wheel users should be intelligent enough to decide on their own if their channel is sufficiently secure. Forcing people to mark their pty's as "secure" would be making the system less secure. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847