Probable bug in su:

bug-sh-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Probable bug in su:

From:	B Uday Kumar Reddy
Subject:	Probable bug in su:
Date:	Tue, 28 Jan 2003 05:12:32 +0000 (GMT)

I found the following issue regarding 'su' part of GNU
sh-utils-2.0:

On a system which is a client to the NIS Server
(running ypbind), the root user can do an su to any
other user on the NIS without asking for the password.
This I think should not be allowed as being root on a
machine doesn't give you any right to switch to a user
who is not in the local /etc/passwd file. 
        I understand that this may be a feature of NIS and
not actually a bug in su. In that case can some extra
code be added to su so that any switch user request to
a user not on the local /etc/passwd file could be
authenticated. ( This anyhow won't help in solving the
problem)



The following is the configuration of the NIS and
other things for your information:

Server: NIS Master running on a Sun Solaris UltraSparc
Server with the NFS being another identical server
which is also the NIS slave.

GNU sh-utils version 2.0
ypbind (ypbind-mt) version 1.8




=====
************************
* B Uday Kumar Reddy   *
* (B-Tech 3rd Year CSE)*
* 258, Narmada Hostel, *
* IIT Madras,          *
* Chennai-600036       *
************************

________________________________________________________________________
Missed your favourite TV serial last night? Try the new, Yahoo! TV.
       visit http://in.tv.yahoo.com

[Prev in Thread]

Current Thread

[Next in Thread]

Probable bug in su:, B Uday Kumar Reddy <=
- Re: Probable bug in su:, Bob Proulx, 2003/01/28

Prev by Date: Re: Weird things with uname
Next by Date: Re: Probable bug in su:
Previous by thread: Weird things with uname
Next by thread: Re: Probable bug in su:
Index(es):
- Date
- Thread