Date: Thu, 30 Nov 1995 12:25:45 -0600 (CST)
From: Joe Greco <jgreco@brasil.moneng.mei.com>
To: terry@lambert.org (Terry Lambert)
Cc: jkh@time.cdrom.com, terry@lambert.org, joerg_wunsch@uriah.heep.sax.de, freebsd-current@freebsd.org
Subject: Re: schg flag on make world in -CURRENT
Message-ID: <199511301825.MAA01422@brasil.moneng.mei.com>
In-Reply-To: <199511292204.PAA28746@phaeton.artisoft.com> from "Terry Lambert" at Nov 29, 95 03:04:01 pm

> > Terry, I don't think su is broken. Think about su in an environment where
> > you: (1) are in an xterm (2) telnetted in via encrypted telnet (3) etc.
>
> I buy the encrypted telnet.
>
> I don't buy the xterm, unless it's local.
>
> What you want is a flag on the pty (settable only by root) to tell it
> the client is from a local or secure connection. An encrypted telnetd
> would set it. A regular telnetd would not. A local xterm or screen,
> etc., would set it. A remotely displayed xterm would not.
>
> The "secure" really wants to be an attribute of the tty or slave pty
> (as set by an suid program on the master), etc.

So I have several networks that I would consider to be secure because there
is minimal (or no) connectivity to the outside world. Maybe I don't
necessarily care if I can log in as root, but would at least like to be able
to su, knowing full well that the likelihood of my passwords being
intercepted was minimal at best... :-) How does this deal with that?

As I said originally, sometimes perhaps you just have to trust that root
knows what the deal is... and have good root passwords ;-)

... JG