Yes, but in order to change su the cracker would have to compromise root
as well, meaning two passwords compromised, not one. (Users have read
access to su but not write.) So I still agree with Todd: better to have
two locks than one on the door.

James


On Mon, 2002-10-07 at 12:29, J. Grant wrote:
> Hi Todd, James
> 
> if only user accounts have been compromised
> 
> .bashrc .tscshrc .profile etc could be changed to something else, then 
> su would not be the real su.
> 
> if possible logging in directly as root is the best option, less chance 
> of a compromised user account meaning root is compromised as well.
> 
> ssh host -l jg -t "/bin/su -l root"
> 
> this means that the user's shell is not used, /bin/sh is
> 
> this uses /bin/sh which does not load .bashrc etc etc
> 
> LD_PRELOAD is ignored as well due to sh being suid root
> 
> JG
> 
> Todd Lyons wrote:
> > J. Grant wrote on Sun, Oct 06, 2002 at 08:07:32PM +0100 :
> > 
> >>theoretically not, if someone has got a fake binary for your shell as a
> >>normal user, he/she can then log you getting root. best way is to get
> >>the ssh client to execute the login command as root and go in directly.
> >>(thus bypassing the binaries that could have been compromised)
> > 
> > 
> > If the user installed fake binaries (especially the shell), then they
> > already have root on your machine.
> > 
> > Blue skies...                       Todd
> 
> 
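
Added example, not part of the original thread: a POSIX shell check for the concern raised in the quoted message. It lists startup-file lines that alias `su`, define it as a function, or assign PATH a value that does not begin with the existing PATH, and reports which `su` a given PATH would pick first. The file list, the patterns, the `.cache_bin` directory and the function names are assumptions for illustration; the sample home directory is constructed.

```shell
#!/bin/sh
# Added example. The patterns are heuristics, not a complete list.

scan_dotfiles() {            # $1 = home directory; prints file:line:reason:text
    home=$1
    for f in .bashrc .bash_profile .profile .tcshrc .cshrc; do
        [ -f "$home/$f" ] || continue
        awk -v f="$f" '
            function hit(why) { printf "%s:%d:%s:%s\n", f, NR, why, $0 }
            /^[ \t]*#/ { next }                       # ignore comment lines
            /^[ \t]*alias[ \t]+su([ \t]|=)/        { hit("alias") }
            /^[ \t]*(function[ \t]+)?su[ \t]*\(\)/ { hit("function") }
            # PATH assigned a value that does not begin with the current PATH
            /^[ \t]*(export[ \t]+)?PATH=/ && !/PATH="?[$](PATH|[{]PATH[}])/ { hit("path") }
        ' "$home/$f"
    done
}

first_su_in_path() {         # $1 = PATH value; prints the first executable su
    old_ifs=$IFS; IFS=:
    for d in $1; do
        IFS=$old_ifs
        if [ -x "${d:-.}/su" ]; then echo "${d:-.}/su"; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

make_sample_home() {         # constructed sample of a tampered account
    h=$(mktemp -d) || return 1
    mkdir "$h/.cache_bin"
    printf '#!/bin/sh\n' > "$h/.cache_bin/su"        # harmless empty stub
    chmod +x "$h/.cache_bin/su"
    printf '%s\n' '# constructed sample' \
        'export PATH="$HOME/.cache_bin:$PATH"' \
        "alias ll='ls -l'" \
        'alias su=~/.cache_bin/su' > "$h/.bashrc"
    printf '%s\n' 'PATH=$PATH:/usr/local/bin' > "$h/.profile"
    echo "$h"
}

demo_home=$(make_sample_home)
scan_dotfiles "$demo_home"
first_su_in_path "$demo_home/.cache_bin:/bin:/usr/bin"
rm -rf "$demo_home"
```
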