From owner-freebsd-current Thu Nov 30 10:32:46 1995
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA09198 for current-outgoing; Thu, 30 Nov 1995 10:32:46 -0800
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.20.4]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA09191 for ; Thu, 30 Nov 1995 10:32:43 -0800
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id MAA01422; Thu, 30 Nov 1995 12:25:45 -0600
From: Joe Greco
Message-Id: <199511301825.MAA01422@brasil.moneng.mei.com>
Subject: Re: schg flag on make world in -CURRENT
To: terry@lambert.org (Terry Lambert)
Date: Thu, 30 Nov 1995 12:25:45 -0600 (CST)
Cc: jkh@time.cdrom.com, terry@lambert.org, joerg_wunsch@uriah.heep.sax.de, freebsd-current@freebsd.org
In-Reply-To: <199511292204.PAA28746@phaeton.artisoft.com> from "Terry Lambert" at Nov 29, 95 03:04:01 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-current@freebsd.org
Precedence: bulk

> > Terry, I don't think su is broken. Think about su in an environment where
> > you: (1) are in an xterm (2) telnetted in via encrypted telnet (3) etc.
>
> I buy the encrypted telnet.
>
> I don't buy the xterm, unless it's local.
>
> What you want is a flag on the pty (settable only by root) to tell it
> the client is from a local or secure connection. An encrypted telnetd
> would set it. A regular telnetd would not. A local xterm or screen,
> etc., would set it. A remotely displayed xterm would not.
>
> The "secure" really wants to be an attribute of the tty or slave pty
> (as set by an suid program on the master), etc.

So I have several networks that I would consider to be secure because there is minimal (or no) connectivity to the outside world. Maybe I don't necessarily care if I can log in as root, but would at least like to be able to su, knowing full well that the likelihood of my passwords being intercepted was minimal at best... :-)

How does this deal with that?

As I said originally, sometimes perhaps you just have to trust that root knows what the deal is... and have good root passwords ;-)

... JG
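As an added illustration (not code from Joe's or Terry's mail, nor from FreeBSD's su), this is the kind of check a program like su can make when "secure" is an attribute of the terminal, as Terry describes: it looks the controlling tty up in the BSD /etc/ttys layout (name, getty, type, status, optional "secure" keyword). The SAMPLE_TTYS table and the function tty_is_secure are constructed for the example; a real check would read /etc/ttys through getttynam(3).

```c
/* Added illustration, not code from the thread: su deciding whether its
 * controlling terminal carries the "secure" attribute, using the /etc/ttys
 * layout (name getty type status [secure]).  Table is constructed; a real
 * check would read /etc/ttys through getttynam(3). */
#include <string.h>
static const char *SAMPLE_TTYS[] = {
    "# name   getty                     type    status",
    "console  none                      unknown off secure",
    "ttyv0    \"/usr/libexec/getty Pc\"   cons25  on  secure",
    "ttyp0    none                      network off",        /* plain telnet */
    "ttyp1    none                      network off secure", /* encrypted/local */
    NULL,
};

/* Copy the next whitespace-delimited token into tok; a quoted getty
 * command counts as one token.  Returns 0 at end of line. */
static int next_token(const char **pp, char *tok, size_t tokmax)
{
    const char *p = *pp;
    size_t i = 0;
    int quoted = 0;
    while (*p == ' ' || *p == '\t') p++;
    if (*p == '\0') { *pp = p; return 0; }
    while (*p && (quoted || (*p != ' ' && *p != '\t'))) {
        if (*p == '"') { quoted = !quoted; p++; continue; }
        if (i + 1 < tokmax) tok[i++] = *p;
        p++;
    }
    tok[i] = '\0';
    *pp = p;
    return 1;
}

/* devpath as ttyname(3) gives it ("/dev/ttyp0") or a bare name.
 * 1 = listed with "secure", 0 = listed without it, -1 = not listed;
 * su should allow the switch to root only on 1. */
int tty_is_secure(const char *devpath)
{
    const char *tty = strncmp(devpath, "/dev/", 5) == 0 ? devpath + 5 : devpath;
    char tok[128];
    for (int i = 0; SAMPLE_TTYS[i] != NULL; i++) {
        const char *p = SAMPLE_TTYS[i];
        if (!next_token(&p, tok, sizeof tok) || tok[0] == '#') continue;
        if (strcmp(tok, tty) != 0) continue;
        while (next_token(&p, tok, sizeof tok))     /* scan remaining fields */
            if (strcmp(tok, "secure") == 0) return 1;
        return 0;
    }
    return -1;
}
```

An unlisted terminal returns -1 and is treated like an insecure one, so a remote pty that no privileged program has flagged never qualifies.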