Date:      18 Dec 2004 10:45:06 GMT
From:      Rudolf Polzer <divzero@gmail.com>
To:        muc-lists-freebsd-security@moderators.muc.de
Subject:   Re: Strange command histories in hacked shell history
Message-ID:  <slrncs82hi.2adm.divzero@message-id.durchnull.ath.cx>
References:  <20041217120138.7A89116A4D2@hub.freebsd.org> <20041217145315.GB68582@wjv.com> <41C391BE.3030604@earthlink.net> <20041218022556.GA85192@wjv.com>

»Bill Vermillion« <bv@wjv.com> wrote:
> But if a person who is not in wheel su's to a user who is in wheel,
> then they can su to root - as the system sees them as the other
> user.  This means that the 'wheel' security really is nothing more
> than a 2 password method to get to root.

It is exactly that.

> If the EUID of the original invoker is checked, even if they su'ed
> to a person in wheel, then they should not be able to su to root.

No, since the EUID is also changed on su.

> I'm asking why is this permitted, or alternatively why is putting a
> user in the wheel group supposed to make things secure, when in
> reality it just makes it seem more secure - as there is only one
> more password to crack.

Well, if su could not su from a non-wheel user to a wheel user, the user would
just ssh to localhost instead. For example.


-- 
          / --- Where bots rampage, I'm there to take them down! --- \
         / ------ Where trouble arises, I'm there to cause it! ------ \
         \ Where an enemy tries to frag me, victory will be mine!!!1! /
{{dup[exch{dup exec}fork =}loop}dup exec      >> http://www.ccc-offenbach.org <<
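Since the thread's conclusion is that a non-wheel account can reach root in two su hops through any wheel member, the defender-side follow-up is to spot that chain in the su(1) syslog records. The script below is an added example, not code from this thread or from FreeBSD; it assumes su logs lines of the shape "su: <from> to <to> on <tty>" (failures prefixed "BAD SU"), and the log lines and wheel membership are constructed.

```python
import re

# Constructed sample lines in the format assumed for FreeBSD's su(1) syslog
# output: "su: <from> to <to> on <tty>", failures logged as "BAD SU ...".
SAMPLE_LOG = """\
Dec 18 10:40:01 host su: alice to bob on /dev/pts/0
Dec 18 10:40:09 host su: bob to root on /dev/pts/0
Dec 18 10:41:30 host su: carol to root on /dev/pts/1
Dec 18 10:42:02 host su: BAD SU dave to root on /dev/pts/2
Dec 18 10:42:20 host su: dave to bob on /dev/pts/2
Dec 18 10:42:31 host su: bob to root on /dev/pts/2
"""

# Assumed wheel membership (constructed; on a real host parse /etc/group).
WHEEL = {"bob", "carol"}

LINE_RE = re.compile(
    r"su: (?P<bad>BAD SU )?(?P<src>\S+) to (?P<dst>\S+) on (?P<tty>\S+)"
)


def find_two_hop_root(log: str, wheel: set) -> list:
    """Return (original_user, wheel_user, tty) for every root escalation
    that was reached by first su'ing from a non-wheel account into a wheel
    account on the same tty. Lines are processed in log order."""
    # Per tty: the most recent non-wheel -> wheel hop still waiting for a root hop.
    pending = {}
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("bad"):
            continue  # unparseable line or a failed attempt; nothing escalated
        src, dst, tty = m.group("src"), m.group("dst"), m.group("tty")
        if dst in wheel and src not in wheel:
            pending[tty] = (src, dst)  # first hop: outsider now runs as a wheel member
        elif dst == "root":
            first = pending.pop(tty, None)
            # Second hop only counts if the wheel account that gained root is
            # the one the outsider su'ed into on this tty.
            if first and first[1] == src:
                hits.append((first[0], src, tty))
    return hits


if __name__ == "__main__":
    for user, via, tty in find_two_hop_root(SAMPLE_LOG, WHEEL):
        print(f"{user} reached root via wheel member {via} on {tty}")
```

As Rudolf notes, a user can reach the wheel account through ssh to localhost instead of su, so the same chain is worth correlating with sshd login records on the same host.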