Strange command histories in hacked shell history

Rudolf Polzer divzero at gmail.com
Sat Dec 18 02:45:10 PST 2004


»Bill Vermillion« <bv at wjv.com> wrote:
> But if a person who is not in wheel su's to a user who is in wheel,
> then they can su to root - as the system sees them as the other
> user.  This means that the 'wheel' security really is nothing more
> than a 2 password method to get to root.

It is exactly that.

> If the EUID of the orignal invoker is checked, even if they su'ed
> to a person in wheel, then they should not be able to su to root.

No, since the EUID is also changed on su.

> I'm asking why is this permitted, or alternatively why is putting a
> user in the wheel group supposed to make things secure, when in
> reality it just makes it seem more secure - as there is only one
> more password to crack.

Well, if su could not su from a non-wheel user to a wheel user, the user would
just ssh to localhost instead. For example.


-- 
          / --- Where bots rampage, I'm there to take them down! --- \
         / ------ Where trouble arises, I'm there to cause it! ------ \
         \ Where an enemy tries to frag me, victory will be mine!!!1! /
{{dup[exch{dup exec}fork =}loop}dup exec      >> http://www.ccc-offenbach.org <<


More information about the freebsd-security mailing list