RE: [cobalt-developers] AWStats
- Subject: RE: [cobalt-developers] AWStats
- From: "William L. Thomson Jr." <support@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun Aug 18 13:25:01 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
First off this is getting a little off topic for this list and is
heading toward a security related topic.
On Sun, 2002-08-18 at 12:51, Matthew Nuzum wrote:
> > > Can you please tell the difference between "su" and "/bin/su" please. I have
> > > always been doing "su".
> >
> > One is relative and one is absolute. Both are the same, it's just one
> > will work if /bin is not in your PATH env var. So you can almost always
> > use su, but some shell scripts or programs may require /bin/su. Once
> > again depending on the PATH env var for the user.
> >
> That is not a very compelling reason to use /bin/su instead of su. A
> better reason is this:
> If a hacker gets limited access to your system, they will try to get
> elevated access by placing a trojan binary on your system and trick you
> into using it.
At that point you are already sool, as they have already exploited a
password or something else.
> It should be difficult for a non-root user to mess with the /bin
> directory so if you use the full path '/bin/su' you can be reasonably
> confident you're not getting tricked into exposing your system password
> with a trojan version.
First off there are only a few ways to use a different PATH env var
during login. One is by editing /etc/profile, /etc/bashrc, or another
system-wide shell env var script. Another is on a per user basis via
bashrc, bash_profile, or some other in the user's dir.
So back to my point, if they can access the system wide ones, they
already have root privileges. If they can access a user's one they
already have access to anything that the user can access. Which also
means they would know or have a way around the user's or root password.
If they have access to the user's account then they can only really do
damage to what that user has privileges to do.
If they have access to root, you are sool.
So saying using /bin/su over su due to security issues is a little off
track. I understand your point, but really by the time they can put a
trojan version on your machine you are already sool. So at that point
you must ask yourself, can they only affect that user, or all?
Most likely it will only be that user affected. If it is root or admin
on a cobalt, you have bigger things to worry about. Like them locking
you out of the machine by changing the users and root/admin passwords.
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
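
Which file a bare `su` resolves to, and whether any PATH entry ahead of /bin is somewhere a non-root user could place a file, can be checked directly. The script below is an added example, not part of the original message; the function names are hypothetical, and it assumes only relative entries and world-writable directories count as risky.

```shell
#!/bin/sh
# Added example: audit how a bare command name (e.g. "su") resolves via PATH.

# Print each entry of PATH string $1 in order; empty entries mean "." (cwd).
path_entries() {
    (
        p=$1
        case $p in *:) p="$p:" ;; esac   # keep a trailing empty entry
        set -f; IFS=:
        for d in $p; do printf '%s\n' "${d:-.}"; done
    )
}

# Print the first executable file named $1 found along PATH string $2.
resolve_in_path() {
    path_entries "$2" | while IFS= read -r d; do
        if [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"
            break
        fi
    done
}

# Print PATH entries where a non-root user could plant a binary:
# relative entries (including ".") and world-writable directories.
risky_entries() {
    path_entries "$1" | while IFS= read -r d; do
        case $d in
            /*) if [ -n "$(find "$d" -prune -perm -0002 2>/dev/null)" ]; then
                    printf 'world-writable: %s\n' "$d"
                fi ;;
            *)  printf 'relative: %s\n' "$d" ;;
        esac
    done
}

# Succeed only if bare "$1" resolves to the trusted absolute path "$2".
resolves_to() {
    [ "$(resolve_in_path "$1" "${3:-$PATH}")" = "$2" ]
}

# Report for the current session.
audit() {
    printf 'su resolves to: %s\n' "$(resolve_in_path su "$PATH")"
    risky_entries "$PATH"
}

audit
```

Run it as the account that normally types `su`, after login scripts such as /etc/profile and the user's bashrc have set PATH.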