Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Oct 2003 13:08:26 -0700
From:      Avleen Vig <lists-freebsd@silverwraith.com>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Kip Macy <kmacy@fsmware.com>
Subject:   Re: process checkpoint restore facility now in DragonFly BSD
Message-ID:  <20031021200826.GS792@silverwraith.com>
In-Reply-To: <20031021163038.GA66101@rot13.obsecurity.org>
References:  <20031020134532.B63978@demos.bsdclusters.com> <20031021163038.GA66101@rot13.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 21, 2003 at 09:30:38AM -0700, Kris Kennaway wrote:
> > Please note that there are *SEVERE* security issues with this module.
> > The module is not loaded into the kernel by default and, when loaded,
> > can only be used by users in the wheel group.
> 
> Why the wheel group?  Until now, the only special privilege this group
> has is that users are allowed to su to root, if they knew the
> password.  It looks like now you've removed the root password barrier
> and allow anyone in the wheel group to manipulate processes to obtain
> root without a password :-)

If you don't want them getting root, don't put them in wheel? ;-)
<ducks>

-- 
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet:    irc.mindspring.com (Earthlink user access only)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031021200826.GS792>