Re: SU vulnerability

On Fri, 2005-12-09 at 11:59 +0500, Sergey wrote:
> Long time ago I decided to protect my system by allowing *ONLY* users in wheel 
> group to su to root. This allows to protect the system. Regardless of whether you 
> know the root password or not - you can not su as long as system 
> administrator does not put you into wheel group.
> 
> As I know this is the default behaviour of FreeBSD.
> 
> In Red Hat you do it by uncommenting line in /etc/pam.d/su
> 
> # Uncomment the following line to require a user to be in the "wheel" group.
> auth       required     /lib/security/$ISA/pam_wheel.so use_uid
> 
> This protects both su and kdesu.
> 
> What do you think? This is useless - it does not protect the system at all, as 
> I've thought for a long time.
> 
> System-config-users utility - a little program to manage users has *NOTHING*, 
> not even a little mention anywhere, that it breaks the security.
> 

So, add the same line to /etc/pam.d/system-config-users

Otherwise, all you have done is to change the handling of security for
the "su" executable, nothing else.

Cheers, Ben
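
The reply above turns on PAM policy being per service: each file under /etc/pam.d carries its own auth stack. The script below is an added example, not part of the original post, that reports which service files have an active pam_wheel.so line; the sample directory and file contents are constructed, and example-tool is a hypothetical service name.

```shell
#!/bin/sh
# Added example: per PAM service file, is pam_wheel.so active in the auth stack?
# Only the "required"/"requisite" controls are counted as enforcing.

# pam_wheel_status FILE -> prints "enforced", "commented" or "missing"
pam_wheel_status() {
    if awk '$1 ~ /^-?auth$/ && $2 ~ /^(required|requisite)$/ && $0 ~ /pam_wheel\.so/ {found=1}
            END {exit !found}' "$1"; then
        echo enforced
    elif grep -Eq '^[[:space:]]*#.*pam_wheel\.so' "$1"; then
        echo commented      # line exists but is still commented out
    else
        echo missing        # service never consults pam_wheel at all
    fi
}

# audit_pam_wheel DIR -> one "service: status" line per file in DIR
audit_pam_wheel() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(pam_wheel_status "$f")"
    done
}

# Constructed sample directory standing in for /etc/pam.d
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/su" <<'EOF'
auth       sufficient   /lib/security/$ISA/pam_rootok.so
auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
EOF
cat > "$demo/system-config-users" <<'EOF'
auth       sufficient   /lib/security/$ISA/pam_rootok.so
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
EOF
cat > "$demo/example-tool" <<'EOF'
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
EOF

audit_pam_wheel "$demo"
```

On a real system, pass /etc/pam.d instead of the sample directory and review every service reported as commented or missing that can grant root.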


