[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shadow passwords and GNU su

Tom Lees writes:
> 	ssh (Hmmm... this is in Debian-non-US, and still needs to work
> 		with Debian 1.1/1.2)

Just recompiling it on a shadow system makes it work with and without
shadow.

> 	samba

Same as above.

> Secondly, what do we do with GNU su and shadow passwords? Since GNU su
> supports shadow passwords, but is not as secure as the su which is part of
> the shadow suite, it could become an undesirable security hole (someone
> wants to do a 'su', but is not in group 'root', so they just run
> '/sbin/gnu-su' instead).

I talked to Guy about this a while ago. He came up with the idea of
diverting the GNU version into a directory that's not accessable for all
users. Alternatively we could remove GNU su completely from shellutils.

> If we are going to move to shadow ASAP, I will upload the next shellutils
> without the GNU su binary.

Could you create a gnu-su package? That would be my favorite.

Michael

-- 
Michael Meskes                         | Projekt-Manager
meskes@topsystem.de                    | topsystem Systemhaus GmbH
meskes@debian.org                      | Europark A2, Adenauerstr. 20
Go SF 49ers! Use Debian GNU/Linux!     | 52146 Wuerselen


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: