From: B Uday Kumar Reddy
Subject: Probable bug in su:
Date: Tue, 28 Jan 2003 05:12:32 +0000 (GMT)

I found the following issue regarding the 'su' part of GNU

On a system which is a client to the NIS Server
(running ypbind), the root user can do an su to any
other user on the NIS without asking for the password.
This I think should not be allowed as being root on a
machine doesn't give you any right to switch to a user
who is not in the local /etc/passwd file. 
I understand that this may be a feature of NIS and
not actually a bug in su. In that case, can some extra
code be added to su so that any switch user request to
a user not on the local /etc/passwd file could be
authenticated? (This anyhow won't help in solving the

The following is the configuration of the NIS and
other things for your information:

Server: NIS Master running on a Sun Solaris UltraSparc
Server with the NFS being another identical server
which is also the NIS slave.

GNU sh-utils version 2.0
ypbind (ypbind-mt) version 1.8

* B Uday Kumar Reddy   *
* (B-Tech 3rd Year CSE)*
* 258, Narmada Hostel, *
* IIT Madras,          *
* Chennai-600036       *
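
Added example (not part of the original message and not GNU su's own code): one way the check requested above could look in C, deciding whether root switching to a target user should still be authenticated because the target has no entry of its own in the local passwd file. The function names and the sample file are assumptions made for illustration; "+"/"-" NIS compat lines are not counted as local entries, and an unreadable file fails closed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: 1 if `user` has its own entry in the passwd-format
 * file at `path`, 0 if not, -1 if the file cannot be read. */
int user_in_local_passwd(const char *path, const char *user)
{
    char buf[512];
    size_t ulen = strlen(user);
    int found = 0, line_start = 1;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    while (!found && fgets(buf, sizeof buf, fp) != NULL) {
        size_t len = strlen(buf);
        /* Only match at the start of a line; skip "+"/"-" NIS compat
         * entries, which pull users in from NIS rather than define them. */
        if (line_start && ulen > 0 && buf[0] != '+' && buf[0] != '-' &&
            strncmp(buf, user, ulen) == 0 && buf[ulen] == ':')
            found = 1;
        line_start = (len > 0 && buf[len - 1] == '\n');
    }
    fclose(fp);
    return found;
}

/* Hypothetical policy: root skips the password only for local-file users. */
int su_needs_password(const char *path, uid_t caller_uid, const char *target)
{
    if (caller_uid != 0)
        return 1;
    return user_in_local_passwd(path, target) != 1;
}

int main(void)
{
    /* Constructed sample standing in for /etc/passwd on an NIS client. */
    const char *path = "sample_passwd.txt";
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return 1;
    fputs("root:x:0:0:root:/root:/bin/sh\n"
          "alice:x:1000:1000::/home/alice:/bin/sh\n"
          "+bob::::::\n+::::::\n", fp);
    fclose(fp);
    printf("root -> alice needs password: %d, root -> bob: %d\n",
           su_needs_password(path, 0, "alice"), su_needs_password(path, 0, "bob"));
    return 0;
}
```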

