[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Probable bug in su:
From: |
B Uday Kumar Reddy |
Subject: |
Probable bug in su: |
Date: |
Tue, 28 Jan 2003 05:12:32 +0000 (GMT) |
I found the following issue regarding 'su' part of GNU
sh-utils-2.0:
On a system which is a client to the NIS Server
(running ypbind), the root user can do an su to any
other user on the NIS without asking for the password.
This I think should not be allowed as being root on a
machine doesn't give you any right to switch to a user
who is not in the local /etc/passwd file.
I understand that this may be a feature of NIS and
not actually a bug in su. In that case can some extra
code be added to su so that any switch user request to
a user not on the local /etc/passwd file could be
authenticated. ( This anyhow won't help in solving the
problem)
The following is the configuration of the NIS and
other things for your information:
Server: NIS Master running on a Sun Solaris UltraSparc
Server with the NFS being another identical server
which is also the NIS slave.
GNU sh-utils version 2.0
ypbind (ypbind-mt) version 1.8
=====
************************
* B Uday Kumar Reddy *
* (B-Tech 3rd Year CSE)*
* 258, Narmada Hostel, *
* IIT Madras, *
* Chennai-600036 *
************************
________________________________________________________________________
Missed your favourite TV serial last night? Try the new, Yahoo! TV.
visit http://in.tv.yahoo.com
- Probable bug in su:,
B Uday Kumar Reddy <=