Sam <[EMAIL PROTECTED]> writes:

> In that case, I presume that you have removed the "login", "passwd", and
> "su" commands from your UNIX box, because they're setuid root, and they
> obviously violate "good security behavior".

Well, login has no business being setuid root (if you want to change to
another user, log out and let them log in).

windlord:~> dir /usr/bin/login /usr/bin/passwd /usr/bin/su
-r-xr-xr-x 1 root root 104288 Jul 30 1998 /usr/bin/login*
-r-x------ 1 root root 96392 Jan 19 1999 /usr/bin/passwd*
-r-x------ 1 root root 18360 Jan 8 1998 /usr/bin/su*

Of course, I can do this because we're using a distributed authentication
system (no local passwords except root) and because there's a replacement
for su:

windlord:~> dir /usr/bin/ksu
-rws--x--x 1 root root 62112 Mar 19 1998 /usr/bin/ksu*
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>