SU vulnerability

Rahul Sundaram sundaram at redhat.com
Fri Dec 9 14:02:36 UTC 2005


Sergey wrote:

>I do realise that; however, setting the "wheel group" security option 
>to /etc/pam.d/su has always been considered enough. For years. Until the 
>USERMODE port, supposed to make the authentication process EASIER, has made 
>the whole system vulnerable.
>
>Why should I know that system-config-users has opened a security hole?
>
If you restrict only su to using the wheel group using PAM, none of the 
other programs which perform authentication is affected, which includes 
system-config-users. If you want 'wheel' group support against other 
such programs, feel free to file a request for enhancement against the 
particular packages, preferably with patches.

regards
Rahul
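
Added example, not part of the original message or of any Fedora package: a small audit that lists which PAM service files never call pam_wheel.so in their auth stack, which is the per-service scoping the reply describes. The sample files are constructed for illustration (the "config-util" service name and file contents are assumptions), and backslash line continuations are not handled.

```python
import os
import re
import tempfile

# PAM rule: [-]type  control (word or [bracketed])  module-path  [args]
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_modules(pam_dir, service, seen=None):
    """Return the modules in a service's auth stack, following include/substack."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):  # also guards include loops
        return []
    seen.add(service)
    modules = []
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()      # drop comments
            m = PAM_LINE.match(line)
            if not m or m.group(1) != "auth":
                continue
            control, target = m.group(2), m.group(3)
            if control in ("include", "substack"):
                modules += auth_modules(pam_dir, target, seen)
            else:
                modules.append(os.path.basename(target))
    return modules

def services_without_wheel(pam_dir):
    """List services whose auth stack never calls pam_wheel.so."""
    return sorted(s for s in os.listdir(pam_dir)
                  if "pam_wheel.so" not in auth_modules(pam_dir, s))

def build_sample(pam_dir):
    """Write constructed sample service files (not copied from a real system)."""
    samples = {
        "su": "auth sufficient pam_rootok.so\n"
              "auth required pam_wheel.so use_uid\nauth include system-auth\n",
        "system-config-users": "#%PAM-1.0\nauth include config-util\n",
        "config-util": "auth sufficient pam_rootok.so\nauth include system-auth\n",
        "system-auth": "auth required pam_unix.so\n",
    }
    for name, body in samples.items():
        with open(os.path.join(pam_dir, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(services_without_wheel(d))
```

On a real host, pass the system's PAM directory (typically /etc/pam.d) to services_without_wheel and review each listed service that can grant root.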




More information about the fedora-list mailing list