Great Circle Associates Firewalls
(August 1994)
 


Subject: Re: SKEY on a BSDI machine
From: Justin <jc @ shadow . net>
Date: Fri, 5 Aug 1994 14:26:43 -0400 (EDT)
To: Brad Huntting <huntting @ csn . org>
Cc: "Charles B. Kaplan" <cbk @ magna . telco . com>, firewalls @ GreatCircle . COM
In-reply-to: <199408050423 . AA03672 @ csn . org>


On Thu, 4 Aug 1994, Brad Huntting wrote:

> 
> What I did was to "chown 500 /usr/bin/su" (making it harmless), and to
> install the skey "su" program as "/usr/local/bin/keysu" (modulo
> personal preference).  Skey's "su" doesn't let root su to other users
> w/o authentication.
> 

What's the point of that?  As root you can simply:

seteuid(0);
execl("/bin/sh", "-i", (char *)0);

root shouldn't need authentication via su for other UIDs; it only makes 
it a slight hassle to perform normal system administration functions on 
users' directories.

-jc
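
Added example (not part of the original thread): the quoted "chown 500 /usr/bin/su" works because a setuid binary runs with its owner's effective UID, so a su owned by UID 500 no longer yields root. The shell function below, whose name su_privilege is made up for this example, reports what the setuid bit on a given binary grants, for auditing paths such as the two named in the quoted message.

```shell
#!/bin/sh
# Added example, not code from the thread. Classifies what the setuid bit on
# a su-like binary grants, using only POSIX "ls -ldn" output.
#
# Usage: sh su_privilege.sh /usr/bin/su /usr/local/bin/keysu
#
# su_privilege PATH prints one of:
#   setuid-root    setuid bit set, owner is uid 0 (runs with root's euid)
#   setuid-uid-N   setuid bit set, owner is uid N (runs with uid N's euid)
#   not-setuid     no setuid bit (runs with the caller's own privileges)
#   missing        PATH does not exist
su_privilege() {
    if [ ! -e "$1" ]; then
        echo missing
        return 0
    fi
    # "ls -ldn" prints the mode string, link count and numeric owner uid:
    #   -rwsr-xr-x 1 0 0 ... /usr/bin/su
    ls -ldn -- "$1" | {
        read -r mode links uid rest
        case $mode in
            # The 4th character is the owner-execute slot; 's' or 'S'
            # there means the setuid bit is set.
            ???[sS]*)
                if [ "$uid" -eq 0 ]; then
                    echo setuid-root
                else
                    echo "setuid-uid-$uid"
                fi
                ;;
            *)
                echo not-setuid
                ;;
        esac
    }
}

# When run with arguments, report on each path given.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(su_privilege "$f")"
    done
fi
```

On a host set up as the quoted message describes, /usr/bin/su would report setuid-uid-500 if the setuid bit survived the chown, or not-setuid if the system cleared it.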


