
Re: [cobalt-security] can't su -



Of course, since Sun releases patches so slowly that any RaQ can be rooted
(for example, the /usr/lib/authenticate flaw still waiting for resolution) by
anyone with shell access, it's as if all users have su access and know the
password already :(

Tom


----- Original Message -----
From: "Jeff Lasman" <jblists@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, September 09, 2002 4:18 PM
Subject: Re: [cobalt-security] can't su -


> Gerald Waugh wrote:
>
> > Interesting what Stallman says about the wheel group!
> > http://www.delorie.com/gnu/docs/sh-utils/su.1.html
>
> Yes, but he was speaking circa 1985.  In 1985 we didn't have myriad
> webhosting companies giving their clients login privileges.
>
> The man page from gnu su from the latest Red Hat (7.3), but that one
> doesn't seem to require membership in wheel for su to work.  I haven't
> tested any RaQs.
>
> Since we don't offer shell accounts it doesn't matter to us, but if we
> did, I'd NOT want people to be able to log into root unless they were
> members of wheel.
>
> Stallman likes to empower people; I don't like to empower them to get
> into my servers as root.
>
> Jeff
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> Linux and Cobalt/Sun/RaQ Consulting
> nobaloney.net, P. O. Box 52672, Riverside, CA  92517
> voice: +1 909 778-9980  *  fax: +1 909 548-9484