Re: Shadow passwords and GNU su
Tom Lees writes:
> ssh (Hmmm... this is in Debian-non-US, and still needs to work
> with Debian 1.1/1.2)
Just recompiling it on a shadow system makes it work with and without
shadow.
> samba
Same as above.
> Secondly, what do we do with GNU su and shadow passwords? Since GNU su
> supports shadow passwords, but is not as secure as the su which is part of
> the shadow suite, it could become an undesirable security hole (someone
> wants to do a 'su', but is not in group 'root', so they just run
> '/sbin/gnu-su' instead).
I talked to Guy about this a while ago. He came up with the idea of
diverting the GNU version into a directory that's not accessable for all
users. Alternatively we could remove GNU su completely from shellutils.
> If we are going to move to shadow ASAP, I will upload the next shellutils
> without the GNU su binary.
Could you create a gnu-su package? That would be my favorite.
Michael
--
Michael Meskes | Projekt-Manager
meskes@topsystem.de | topsystem Systemhaus GmbH
meskes@debian.org | Europark A2, Adenauerstr. 20
Go SF 49ers! Use Debian GNU/Linux! | 52146 Wuerselen
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: