From owner-freebsd-bugs Thu Dec 26 04:30:05 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id EAA18928 for bugs-outgoing; Thu, 26 Dec 1996 04:30:05 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id EAA18915; Thu, 26 Dec 1996 04:30:03 -0800 (PST)
Date: Thu, 26 Dec 1996 04:30:03 -0800 (PST)
Message-Id: <199612261230.EAA18915@freefall.freebsd.org>
To: freebsd-bugs
Cc:
From: Guido van Rooij
Subject: Re: bin/2265: su(1) does not call skeyaccess()
Reply-To: Guido van Rooij
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR bin/2265; it has been noted by GNATS.

From: Guido van Rooij
To: joerg_wunsch@uriah.heep.sax.de
Cc: bradley@dunn.org, FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/2265: su(1) does not call skeyaccess()
Date: Mon, 23 Dec 1996 18:09:34 +0100 (MET)

J Wunsch wrote:
> As bradley@dunn.org wrote:
>
> > >Description:
> >
> > su(1) does not call skeyaccess() (from libskey), thus rendering the
> > controls in /etc/skey.access useless.
>
> Well, it rather seems like it was deliberately omitted, as opposed to
> forgotten. A user running su(1) has already been authenticated to the
> system, and _that's_ where skey.access should hit.
>
> Guido, any comments on this (and perhaps even a manpage for
> skeyaccess(3) :)?

Not really. We use a modified su all the time. The advantage is that
you never have to type in the root password over an insecure line.
If there is enough demand I can add it. I will look for the manpage;
I thought I'd already added it.

-Guido