On Tue, 14 May 2002 14:50:01 -0700 Mike Oliver <[EMAIL PROTECTED]> wrote:
> Damian G wrote:
> > On Tue, 14 May 2002 13:21:59 -0700
> > Mike Oliver <[EMAIL PROTECTED]> wrote:
> >> Michael Viron wrote:
> >>
> >>> Change the group ownership on su to root:wheel .
> >>> Next, remove execute permission from "other" on su.
> >>
> >> I have to say I find this option kind of puzzling.
> >> What's the rationale exactly? Why couldn't an
> >> opponent who knew the root pword just execute
> >> his *own* copy of su? It seems it would have nuisance
> >> value at best. Not that nuisance value couldn't be of
> >> some practical use, provided the security admin doesn't
> >> think it's a substitute for safeguarding passwords.
> >
> > hmm.. how about denying read access too?
>
> What would stop the opponent from transferring a copy of su
> from another machine?
>

hmm ok ok ok what about this. ;oP this gets better, how about moving the su executable to a dedicated directory and denying to "other" users permission to access or list that dir?

for example.... something like this.

    mkdir /bin/SU
    mv /bin/su /bin/SU/su

and then add an alias system-wide

    alias su /bin/SU/su

so if the directory /bin/SU is locked for certain people, they would get no access?

Damian
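A check for the layout proposed above, as an added example that is not part of the original message: it inspects the mode bits on the dedicated directory and on the binary inside it. The function names `has_perm` and `audit_su_layout` and the temporary paths are assumptions made for illustration, and an empty file stands in for su.

```shell
#!/bin/sh
# Added example: audit the "su in a locked directory" layout from the thread.
# Only mode bits are inspected; root:wheel ownership is not checked here.

# has_perm PATH MODE: true if every bit of MODE is set on PATH.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_su_layout DIR BIN: print findings, return 0 only if all checks pass.
audit_su_layout() {
    dir=$1; bin=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    [ -f "$bin" ] || { echo "FAIL: $bin is not a regular file"; return 1; }
    # "other" gets no read, write or execute/traverse bit on either path:
    # this covers "remove execute from other", "deny read too" and the
    # request that the directory can be neither entered nor listed.
    for p in "$dir" "$bin"; do
        for bit in 0004 0002 0001; do
            if has_perm "$p" "$bit"; then
                echo "FAIL: $p grants mode bit $bit to other"; rc=1
            fi
        done
    done
    # su needs its setuid bit to work, so a chmod that drops the bit
    # breaks su for the permitted group as well.
    if ! has_perm "$bin" 4000; then
        echo "FAIL: $bin has lost its setuid bit"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $dir and $bin are closed to other"; fi
    return "$rc"
}

# Constructed sample layout under a temporary directory (not a real /bin/SU).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/SU" && : > "$tmp/SU/su"
    chmod 750 "$tmp/SU"; chmod 4750 "$tmp/SU/su"
    audit_su_layout "$tmp/SU" "$tmp/SU/su" || true   # locked layout passes
    chmod 755 "$tmp/SU"
    audit_su_layout "$tmp/SU" "$tmp/SU/su" || true   # world-listable dir fails
    rm -rf "$tmp"
}
demo
```

On a real system the arguments would be the directory and binary from the message, for example `audit_su_layout /bin/SU /bin/SU/su`.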
