Re: Strange command histories in hacked shell history
Hello!
In message to <freebsd-security@freebsd.org> sent Fri, 17 Dec 2004
21:25:56 -0500 you wrote:
BV> I understand that after using Unix for about 2 decades.
BV> However in FreeBSD a user is supposed to be in the wheel group [if
BV> it exists] to be able to su to root.
BV> But if a person who is not in wheel su's to a user who is in wheel,
BV> then they can su to root - as the system sees them as the other
BV> user. This means that the 'wheel' security really is nothing more
BV> than a 2 password method to get to root.
BV> If the EUID of the orignal invoker is checked, even if they su'ed
BV> to a person in wheel, then they should not be able to su to root.
You can block access to su for untrusted users.
Although keep in mind that attackers would still be able to log in to
cracked wheel UID using ssh and then su to root - it still doesn't need
anything more that the same two passwords.
You can disable password logins for wheel UIDs at all and log in using
certificates.
--
Slawomir Piotrowski
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 9 之 21 篇):