
Re: PATCHES: more from Debian against 0.72



On Tue, Dec 14, 1999 at 10:18:29PM -0900, Ethan Benson wrote:
> On 14/12/99 Ben Collins wrote:
> 
> >009_modules_pam_wheel: By default this module uses getlogin(), which
> >according to the docs I've read (and experience) is not the best idea.
> >However, the module does have a use_uid option that makes it use getuid().
> >I've changed the module to use getuid() by default, and still accept the
> >use_uid option but ignore it (for compatibility). This patch also updates
> >the documentation for pam_wheel to reflect this.
> 
> 
> this has the side effect of allowing untrusted (non wheel) users to 
> su to a wheel account and then su to root.  maybe i am being overly 
> paranoid :) but is there any safe way to prevent that?

If you give them uid 0, then you can't prevent anything.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  -  collinbm@djj.state.va.us  -  bmc@visi.net    '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'


