From owner-freebsd-current Wed Nov 29 14:19:12 1995
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA25619 for current-outgoing; Wed, 29 Nov 1995 14:19:12 -0800
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA25613 for ; Wed, 29 Nov 1995 14:19:06 -0800
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id PAA28746; Wed, 29 Nov 1995 15:04:02 -0700
From: Terry Lambert
Message-Id: <199511292204.PAA28746@phaeton.artisoft.com>
Subject: Re: schg flag on make world in -CURRENT
To: jgreco@brasil.moneng.mei.com (Joe Greco)
Date: Wed, 29 Nov 1995 15:04:01 -0700 (MST)
Cc: jkh@time.cdrom.com, terry@lambert.org, joerg_wunsch@uriah.heep.sax.de, freebsd-current@FreeBSD.ORG
In-Reply-To: <199511290247.UAA13600@brasil.moneng.mei.com> from "Joe Greco" at Nov 28, 95 08:47:56 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1562
Sender: owner-current@FreeBSD.ORG
Precedence: bulk

> Terry, I don't think su is broken. Think about su in an environment where
> you: (1) are in an xterm (2) telnetted in via encrypted telnet (3) etc.

I buy the encrypted telnet. I don't buy the xterm, unless it's local.

What you want is a flag on the pty (settable only by root) to tell it
the client is from a local or secure connection.

An encrypted telnetd would set it. A regular telnetd would not. A local
xterm or screen, etc., would set it. A remotely displayed xterm would not.

The "secure" really wants to be an attribute of the tty or slave pty (as
set by an suid program on the master), etc.

> Wheel users should be intelligent enough to decide on their own if their
> channel is sufficiently secure. Forcing people to mark their pty's as
> "secure" would be making the system less secure.

The marking is really a useless activity. They should never be marked
secure -- su and login need to decide whether or not to relax security
based on administrative fiat.

Having a "secure" marking in the /etc/ttys is a kludge dating back to
the serial console. It really has nothing to do with networking
connections, except that pty's are used for network based logins. And
that's just coincidental -- it's based on how the network access happens
to be implemented in this particular case.

Most modern systems push an ldterm on the stream head and directly hook
the slave instead of using a pty at all.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.