Running random user programs as ROOT?!
Malte Uhl
malte at techfak.uni-bielefeld.de
Wed Jun 26 20:16:12 AEST 1991
|> BTW, this isn't purely hypothetical. I recently added a dumb terminal
|> to this (Sys/VR3) system so that when X shoots itself in the foot and
|> goes zombie on me, I have a back door to do something short of pushing
|> the reset button. But what I can do there is very limited, because
|> when I type "su" it just says "Sorry", without even asking me for a
|> password. TFM hasn't helped at all to explain why su is so
|> recalcitrant. I've done what any hacker would do - written my own
|> version of su. Now I find that, according to the above, it is horribly
|> broken. I'd like to know how to make it less so. How do I do that?
1. You can get your "real" real user ID in the same way as
who am i
does by reading /etc/utmp and /var/amd/wtmp.
The record there says as who you once logged in and is therefor inde-
pendent from your real or effective ID.
2. Su will tell you it's sorry if you try to login (su -) as root at an
unsecure terminal.
Malte
More information about the Comp.unix.admin
mailing list