Re: Root SSH permitted by default (was: how does root run a graphical prog)

To: debian-user@lists.debian.org
Subject: Re: Root SSH permitted by default (was: how does root run a graphical prog)
From: Dave Sherohman <esper@sherohman.org>
Date: Tue, 21 May 2002 13:55:24 -0500
Message-id: <[🔎] 20020521135524.F5706@sherohman.org>
Mail-followup-to: Dave Sherohman <esper@sherohman.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20020521184410.GB10438@arborlon.riva.ucam.org>; from cjwatson@debian.org on Tue, May 21, 2002 at 07:44:10PM +0100
References: <[🔎] 20020520234531.A5314@singnet.com.sg> <[🔎] 200205201849.19341.gtdev@spearhead.de> <[🔎] 20020520123728.B606@sherohman.org> <[🔎] 20020520180150.GA30651@arborlon.riva.ucam.org> <[🔎] 20020520133749.19d52f42.jcollins@asgardsrealm.net> <[🔎] 20020520192610.GC31416@arborlon.riva.ucam.org> <[🔎] 20020521132320.D5706@sherohman.org> <[🔎] 20020521184410.GB10438@arborlon.riva.ucam.org>

On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote:
> Do you check for processes running under your uid every time you run su?

There's (obviously) something I'm still missing here...  Why is that
relevant?  su only raises the priviliges of a single session, as can
be readily observed by opeining two xterms, running su in one, and
trying to 'touch /bin/su' in the other.

The only thing that I can think of is for someone to update your
.bashrc (or whatever) with a line saying "alias su='/bin/su ;
/tmp/do-something-evil'" (or directing su to an equivalent script),
but even that would still be running do-something-evil outside of the
su session and, therefore, as your normal account, not as root.

-- 
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius

Innocence is no protection when governments go bad. - Tom Swiss


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Root SSH permitted by default (was: how does root run a graphical prog)
  - From: Hans Ekbrand <hans@sociologi.cjb.net>
- Re: Root SSH permitted by default (was: how does root run a graphical prog)
  - From: Colin Watson <cjwatson@debian.org>

References:
- how does root run a graphical prog
  - From: Willy S <spamtrap@bozz.com>
- Re: how does root run a graphical prog
  - From: Nicos Gollan <gtdev@spearhead.de>
- Re: how does root run a graphical prog
  - From: Dave Sherohman <esper@sherohman.org>
- Re: how does root run a graphical prog
  - From: Colin Watson <cjwatson@debian.org>
- Root SSH permitted by default (was: how does root run a graphical prog)
  - From: Jamin W.Collins <jcollins@asgardsrealm.net>
- Re: Root SSH permitted by default (was: how does root run a graphical prog)
  - From: Colin Watson <cjwatson@debian.org>
- Re: Root SSH permitted by default (was: how does root run a graphical prog)
  - From: Dave Sherohman <esper@sherohman.org>
- Re: Root SSH permitted by default (was: how does root run a graphical prog)
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Root SSH permitted by default (was: how does root run a graphical prog)
Next by Date: Re: Root SSH permitted by default (was: how does root run a graphical prog)
Previous by thread: Re: Root SSH permitted by default (was: how does root run a graphical prog)
Next by thread: Re: Root SSH permitted by default (was: how does root run a graphical prog)
Index(es):
- Date
- Thread