From owner-freebsd-current Tue Nov 28 21:15:39 1995
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA10789 for current-outgoing; Tue, 28 Nov 1995 21:15:39 -0800
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA10775 for ; Tue, 28 Nov 1995 21:15:29 -0800
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id WAA19065; Tue, 28 Nov 1995 22:17:45 -0700
Date: Tue, 28 Nov 1995 22:17:45 -0700
From: Nate Williams
Message-Id: <199511290517.WAA19065@rocky.sri.MT.net>
To: Terry Lambert
Cc: nate@rocky.sri.MT.net (Nate Williams), freebsd-current@FreeBSD.org
Subject: Re: schg flag on make world in -CURRENT
In-Reply-To: <199511290210.TAA26584@phaeton.artisoft.com>
References: <199511282344.QAA18335@rocky.sri.MT.net> <199511290210.TAA26584@phaeton.artisoft.com>
Sender: owner-current@FreeBSD.org
Precedence: bulk

Terry Lambert writes:
> > WHAT?!? Terry, you're losing it.
> >
> > Do you understand what the 'secure' flag means? It means that root is
> > allowed to directly login via that tty/pty. So, if you have folks who
> > need to come in remotely in your scheme, you need to make *ALL* of your
> > connections secure, which opens up a huge can of worms.
>
> Only if they need to su to root after they come in. What normal user
> comes in from outside the firewall and su's anyway?

All of the folks who do root work on freefall, and David's work on
wcarchive.

> It's silly to type a root password over an insecure line. That's the
> point of not allowing it. Even if the potential cracker types it
> right, he types it wrong.

1) If you are that worried about breakin's, use secure telnet or
something like that.

> > The current behavior is a mix of usefulness plus security. The cracker
> > needs to break into an account which is in the 'wheel' group, and then
> > they need to crack the root passwd w/out raising suspicions in the
> > logfiles while every failed attempt to 'su' to root is logged to the
> > screen, the logfile, and any user already su'd to root on the box.
>
> Logfiles go away after your cracker in, as do the console contents. And
> since you can tell other users su'ed onto the machine (as well as anyone
> else syslog feels free to bitch at) without arousing suspicions.

We might as well give up then, huh?

> All your cracker has to do is watch the wire traffic to get your root
> password, and use it, if you allow it to be used over the wire in the
> first place.

If you've got a snooper on the wire, you've got big problems, the least
of which is him getting root access. If that is your concern, use a
more secure method of communication to the remote system (ssh, etc..)

> Setting pty's secure is a silly thing to do in any situation unless, as
> is allowing user's to su from unsecure lines.

You can 'su' on insecure lines. You can't directly login as root on
insecure lines.

Nate
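
The distinction drawn in this message (the 'secure' flag decides whether root may log in directly on a line, it does not govern su), shown as an added example that is not part of the original message: a Python check over a constructed /etc/ttys-style sample that lists the lines allowing direct root login and flags network ptys among them. The sample entries, the function names, and the rule that a type of `network` or a `ttyp` name prefix marks a pty are assumptions.

```python
import shlex

# Constructed sample in ttys(5) layout: name, getty command, type, flags.
SAMPLE_TTYS = '''\
# name  getty                          type     flags
console none                           unknown  off secure
ttyv0   "/usr/libexec/getty Pc"        cons25   on  secure
ttyd0   "/usr/libexec/getty std.9600"  dialup   off secure
ttyp0   none                           network
ttyp1   none                           network  secure
ttyp2   none                           network  insecure
'''

def parse_ttys(text):
    """Parse ttys-style text into dicts; a line without 'secure' is insecure."""
    entries = []
    for raw in text.splitlines():
        # shlex keeps the quoted getty command as one field and drops # comments.
        fields = shlex.split(raw, comments=True)
        if len(fields) < 3:
            continue  # blank line, comment, or malformed entry
        name, _getty, ttype = fields[:3]
        flags = {f.lower() for f in fields[3:]}
        entries.append({"name": name, "type": ttype,
                        "secure": "secure" in flags})
    return entries

def is_network_pty(entry):
    # Assumption: ptys are the entries typed 'network' or named ttyp*.
    return entry["type"] == "network" or entry["name"].startswith("ttyp")

def direct_root_lines(entries):
    """Lines on which root may log in directly (marked secure)."""
    return [e["name"] for e in entries if e["secure"]]

def remote_root_lines(entries):
    """Network ptys marked secure: direct root login from the network."""
    return [e["name"] for e in entries if e["secure"] and is_network_pty(e)]

if __name__ == "__main__":
    parsed = parse_ttys(SAMPLE_TTYS)
    print("direct root login allowed on:", direct_root_lines(parsed))
    print("network ptys marked secure:  ", remote_root_lines(parsed))
```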