Firewalls: Re: SKEY on a BSDI machine

Firewalls
(August 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: SKEY on a BSDI machine
From:	Brad Huntting <huntting @ csn . org>
Date:	Fri, 05 Aug 1994 14:11:43 -0600
To:	Justin <jc @ shadow . net>
Cc:	Brad Huntting <huntting @ csn . org>, "Charles B. Kaplan" <cbk @ magna . telco . com>, firewalls @ greatcircle . com
In-reply-to:	Your message of "Fri, 05 Aug 1994 14:26:43 EDT." <Pine . 3 . 89 . 9408051449 . A29038-0100000 @ anshar . shadow . net>

>> What I did was to "chown 500 /usr/bin/su" (making it harmless), and to
>> install the skey "su" program as "/usr/local/bin/keysu" (modulo
>> personal preference).  Skey's "su" doesn't let root su to other users
>> w/o authentication.

> What's the point of that?  As root you can simply:

> seteuid(0);
> execl("/bin/sh", "-i", (char *)0);

> root shouldn't need authentication via su for other UIDs, it only makes 
> it a slight hassle to perform normal system administration functions on 
> user's directories.

It's a workaround for a bug in the skey version of su...

References:

Re: SKEY on a BSDI machine
From: Justin <jc @ shadow . net>

Indexed By Date	Previous:	S/Key on BSDI From: Howard Chu <howard @ harry . lloyd . com>
Indexed By Date	Next:	Re: SKEY on a BSDI machine From: jsz @ ramon . bgu . ac . il (jsz)
Indexed By Thread	Previous:	Re: SKEY on a BSDI machine From: Justin <jc @ shadow . net>
Indexed By Thread	Next:	Re: SKEY on a BSDI machine From: jsz @ ramon . bgu . ac . il (jsz)