From owner-cvs-usrbin Mon Feb 24 14:46:44 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA25350 for cvs-usrbin-outgoing; Mon, 24 Feb 1997 14:46:44 -0800 (PST) Received: from sequent.kiae.su (sequent.kiae.su [193.125.152.6]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id OAA25317; Mon, 24 Feb 1997 14:45:29 -0800 (PST) Received: by sequent.kiae.su id AA25514 (5.65.kiae-2 ); Tue, 25 Feb 1997 01:25:19 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Tue, 25 Feb 97 01:25:17 +0300 Received: (from ache@localhost) by nagual.ru (8.8.5/8.8.5) id BAA01507; Tue, 25 Feb 1997 01:09:10 +0300 (MSK) Date: Tue, 25 Feb 1997 01:09:04 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= To: Guido van Rooij Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/su su.1 su.c In-Reply-To: <199702242032.MAA15843@freefall.freebsd.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 24 Feb 1997, Guido van Rooij wrote: > guido 97/02/24 12:32:27 > > Modified: usr.bin/su su.1 su.c > Log: > When group wheel is empty, allow everyone to su to root. This has normally > no conseqeunces as we ship with a non-empty wheel. I disagree. Some sysadmins intentionally make it empty to disallow 'su' and allow only root login from console. Also implicit defaults in this way can be potential hole. Direct list of users here shows better who currently have access than empty default with unknown users list, please back it out. -- Andrey A. Chernov http://www.nagual.ru/~ache/