Date:      Fri, 17 Dec 2004 20:11:10 -0600
From:      Elvedin Trnjanin <mnsan11@earthlink.net>
To:        bv@wjv.com
Cc:        freebsd-security@freebsd.org
Subject:   Re: Strange command histories in hacked shell history
Message-ID:  <41C391BE.3030604@earthlink.net>
In-Reply-To: <20041217145315.GB68582@wjv.com>
References:  <20041217120138.7A89116A4D2@hub.freebsd.org> <20041217145315.GB68582@wjv.com>

Bill Vermillion wrote:

>Can anyone explain why su does not use the UID from the login
>instead of the EUID? It strikes me as a security hole, but I'm no
>security expert so explanations either way would be welcomed.
>
>Bill
>
Because su does exactly what it says.  From the manual -


    DESCRIPTION

     *su* requests the password for /login/ and switches to that user and group ID
     after obtaining proper authentication.


Just for fun, here's a little snippet from the sudo manual -


  DESCRIPTION

*sudo* allows a permitted user to execute a /command/ as the superuser 
or another user, as specified in the /sudoers/ file. The real and 
effective uid and gid are set to match those of the target user as 
specified in the passwd file and the group vector is initialized based 
on blah blah blah...


-- 
---
----

http://www.ods.org
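
The sudo manual text quoted in the message above says the real and effective uid and gid are set to match the target user. As an added example (not part of the original message, and not code from su or sudo), this C program switches both ids in the required order and then reads them back to confirm the switch. The name `switch_identity` is hypothetical, and the group vector is reduced to the single target gid instead of being looked up from the group database.

```c
/* Added illustration: set real and effective uid/gid, then verify.
 * switch_identity() is a hypothetical name, not su or sudo code. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 when the process now runs fully as uid/gid, -1 otherwise.
 * reset_groups: non-zero when called with privilege, so the caller's
 * supplementary groups are replaced; 0 only if already unprivileged. */
int switch_identity(uid_t uid, gid_t gid, int reset_groups)
{
    /* Order matters: groups and gid first, because after setuid() the
     * process no longer has the privilege to change them. */
    if (reset_groups && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Do not rely on the return codes alone: read the ids back. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;

    /* For a non-root target, regaining root must be impossible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    /* Constructed scenario: a set-uid binary giving up its privilege
     * and continuing as the invoking (real) user. */
    if (switch_identity(uid, gid, geteuid() == 0) != 0) {
        fprintf(stderr, "identity switch failed\n");
        return 1;
    }
    printf("after:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Run from an ordinary login, both lines print the same ids. Installed set-uid root and run by a normal user, the first line shows euid 0 and the second shows the invoking user's id for both.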


