From: Bill Vermillion
Reply-To: bv@wjv.com
To: security@freebsd.org
Subject: Question on su / possible hole
Date: Wed, 27 Mar 2002 09:00:06 -0500
Message-ID: <20020327140006.GA30556@wjv.com>
Organization: W.J.Vermillion / Orlando - Winter Park

I don't know if this is where I should ask, so apologies if it's the wrong place.

There is a wheel group, and only people who are in the wheel group are able to su to the root account. I like that approach because even if people have the root password they can't su to root.

However, I have found that if a non-wheel-group user can su to a user who has wheel privileges, then the non-wheel user can su to root.

Since BSD doesn't use the EUID/EGID methods in SysV so you know who the user is in reality, it would seem perhaps logical to use the login id of the person to check wheel group privileges. I have noted that this appears to me anyway, and I may have missed something else, that this is the only way you can tell who the original user is.

Because of this way to bypass not having a wheel group entry for a user, this seems to me to be a potential security hole. IOW, if you have made sure those in wheel are authenticated so you know for sure who they are, you may assume that they are safe.

I realize that it falls back to the user in the wheel group who has had their password compromised. It just strikes me as odd, with all the other safeguards in place, that this one can occur.

Does anyone know the reason behind this design, if it was done this way purposely? Am I being overly paranoid about this?

Thanks.

Bill
-- 
Bill Vermillion - bv @ wjv . com
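The two policies the post contrasts (checking the wheel membership of whoever currently runs su, versus checking the session's original login id) can be modelled offline. The following is an added example written for this archive page, not code from the post or from FreeBSD's su; the group file, user names and the assumption that every su step authenticates successfully are all constructed for the illustration.

```python
"""Model of the two wheel-check policies discussed in the post.

Added example (not from the mailing-list post or FreeBSD's su). It parses
group(5)-style lines and simulates a chain of `su` calls under:
  check="current": su checks wheel membership of the real user currently
                   running su (the behaviour the poster observed);
  check="login":   su checks the session's original login user (the
                   alternative the poster suggests).
Passwords are not modelled: each su step is assumed to authenticate.
"""

# Constructed group(5) file (assumption): alice is in wheel, bob is not.
GROUP_FILE = """\
wheel:*:0:root,alice
staff:*:20:alice,bob
"""


def parse_groups(text):
    """Return {group_name: set(members)} from group(5)-formatted text."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _password, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def in_wheel(groups, user):
    """True if `user` is listed in the wheel group."""
    return user in groups.get("wheel", set())


def su_chain(groups, login_user, targets, check="current"):
    """Simulate successive `su <target>` calls starting from `login_user`.

    Returns the user finally reached, or None if some step is denied.
    Only `su` to root is gated on wheel membership; `su` to an ordinary
    user needs only that user's password, which is assumed known here.
    """
    current = login_user
    for target in targets:
        if target == "root":
            subject = current if check == "current" else login_user
            if not in_wheel(groups, subject):
                return None
        current = target
    return current
```

Under `check="current"` a non-wheel user who can authenticate as a wheel user reaches root in two hops, which is exactly the situation the post describes; under `check="login"` the same chain is refused, at the cost that a legitimate wheel user who logged in as a non-wheel account is refused too.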