Date: Thu, 28 Mar 2002 00:03:29 +1000 From: Andrew Kenneth Milton <akm@theinternet.com.au> To: Bill Vermillion <bv@wjv.com> Cc: security@FreeBSD.ORG Subject: Re: Question on su / possible hole Message-ID: <20020328000329.E40004@zeus.theinternet.com.au> In-Reply-To: <20020327140006.GA30556@wjv.com>; from bv@wjv.com on Wed, Mar 27, 2002 at 09:00:06AM -0500 References: <20020327140006.GA30556@wjv.com>
next in thread | previous in thread | raw e-mail | index | archive | help
+-------[ Bill Vermillion ]---------------------- | | However I have found that if non-wheel-group user can su to a | user who has wheel privledges - the the non-wheel user can su to | root. So they can simply login as the user with wheel access and circumvent any further checking anyway. They'd need the password after all. -- Totally Holistic Enterprises Internet| | Andrew Milton The Internet (Aust) Pty Ltd | | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au| To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328000329.E40004>