Date:      Thu, 30 Nov 1995 12:25:45 -0600 (CST)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        terry@lambert.org (Terry Lambert)
Cc:        jkh@time.cdrom.com, terry@lambert.org, joerg_wunsch@uriah.heep.sax.de, freebsd-current@freebsd.org
Subject:   Re: schg flag on make world in -CURRENT
Message-ID:  <199511301825.MAA01422@brasil.moneng.mei.com>
In-Reply-To: <199511292204.PAA28746@phaeton.artisoft.com> from "Terry Lambert" at Nov 29, 95 03:04:01 pm

> > Terry, I don't think su is broken.  Think about su in an environment where
> > you:  (1) are in an xterm  (2) telnetted in via encrypted telnet  (3) etc.
> 
> I buy the encrypted telnet.
> 
> I don't buy the xterm, unless it's local.
> 
> What you want is a flag on the pty (settable only by root) to tell it
> the client is from a local or secure connection.  An encrypted telnetd
> would set it.  A regular telnetd would not.  A local xterm or screen,
> etc., would set it.  A remotely displayed xterm would not.
> 
> The "secure" really wants to be an attribute of the tty or slave pty
> (as set by an suid program on the master), etc.

So I have several networks that I would consider to be secure because there
is minimal (or no) connectivity to the outside world.  Maybe I don't
necessarily care if I can log in as root, but would at least like to be able
to su, knowing full well that the likelihood of my passwords being
intercepted was minimal at best...  :-)

How does this deal with that?  As I said originally, sometimes perhaps you
just have to trust that root knows what the deal is...  and have good root
passwords  ;-)

... JG


