Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Todd Burroughs <todd () hostopia com>
Date: Sun, 7 Dec 2003 03:28:15 -0500 (EST)
Sometimes, old and silly rules aren't just about security. The *real* reason for the "always su from a user account" rule isn't to stop exploits. It's so you have an audit trail of who did what.
This is exactly why I need su. We have about 20 people with root access, only about 8 or 10 that regularly change things. You need an audit trail, we all make mistakes and it's a lot easier and faster (really important on a production system) if you find out who did it and talk to them.

If you only have a couple admins, direct root logins should work fine. It's still nice to know what user logged in, if that account is compromised, at least you know. With root logins, you don't know who is logging in.

I agree that it doesn't add much in the way of security, but I've found that most problems are caused by the admins. I know I've done my share and I've gotten that call saying "what the f*** did you just do to ns2?". (Usually, I fix things I break before anyone notices though ;-)

Also, I haven't looked at the source for su, but it *should* be a fairly simple program and therefore easier to secure. (compare to X, kernel, etc.)

Todd
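An added example, not part of the original post: a short Python parser that shows the audit-trail point discussed above, where a root session opened with su names the invoking account while a direct root SSH login records only a source address. The log lines are constructed, and the patterns assume the classic pam_unix and OpenSSH syslog message forms, which vary between systems.

```python
import re

# Constructed sample syslog lines; host, users and addresses are made up.
SAMPLE_LOG = """\
Dec  7 03:10:02 ns2 su[4121]: pam_unix(su:session): session opened for user root by todd(uid=1001)
Dec  7 03:14:40 ns2 sshd[4190]: Accepted password for root from 192.0.2.15 port 51122 ssh2
Dec  7 03:25:57 ns2 sshd[4388]: Accepted publickey for karl from 192.0.2.20 port 40022 ssh2
Dec  7 03:26:30 ns2 su[4401]: pam_unix(su:session): session opened for user root by karl(uid=1002)
"""

# Assumed syslog prefix: "Mon DD HH:MM:SS host ".
PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
# su run from a personal account: the invoking user is recorded.
SU_ROOT = re.compile(
    PREFIX + r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): "
    r"session opened for user root by (?P<actor>[^\s(]+)\(uid=\d+\)")
# Direct root login over SSH: only the source address is recorded.
SSH_ROOT = re.compile(
    PREFIX + r"sshd(?:\[\d+\])?: Accepted (?P<method>\S+) for root "
    r"from (?P<src>\S+) port \d+")


def root_sessions(log_text):
    """Return one dict per root session, with the accountable user if known."""
    sessions = []
    for line in log_text.splitlines():
        m = SU_ROOT.match(line)
        if m:
            sessions.append({"ts": m["ts"], "host": m["host"], "via": "su",
                             "actor": m["actor"], "src": None})
            continue
        m = SSH_ROOT.match(line)
        if m:
            sessions.append({"ts": m["ts"], "host": m["host"], "via": "ssh",
                             "actor": None, "src": m["src"]})
    return sessions


def unattributed(sessions):
    """Root sessions that cannot be tied to a named account."""
    return [s for s in sessions if s["actor"] is None]


if __name__ == "__main__":
    for s in root_sessions(SAMPLE_LOG):
        who = s["actor"] or f"UNKNOWN (from {s['src']})"
        print(f"{s['ts']} {s['host']} root via {s['via']}: {who}")
```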