On 3/08/10 07:10 PM, Alan Coopersmith wrote:
> Darren Reed wrote:
>> There are any number of login methods that have built in "do not let
>> root login this way" features. So now, rather than try to attack the
>> root account, a hacker is forced (if they weren't before) to target
>> another account. And once they crack that account, all they need to do
>> is run "pfexec" to gain privilege. Unlike su, there is no second
>> password required to run pfexec in the current installation. In effect,
>> every account that can run pfexec and assume all of those privileges
>> without a password is now a root account yet there is no restriction on
>> where they can be logged into from.
> That's an acknowledged bug in the profiles granted to the default user
> account established by the current Caiman installers, not a property of
> making root a role.
>
> https://defect.opensolaris.org/bz/show_bug.cgi?id=4885

Last time I tried, I could not su to root because it was a role.

If "sudo" allows people to run commands as root in an installation
where root is a role and not an account then the model of not
allowing logins to a role is broken.

Darren

_______________________________________________
security-discuss mailing list
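The concern in the thread is which login-capable accounts can reach root-equivalent privilege through pfexec without a second password, and whether root itself is a role. The following is an added example, not code from the thread or from OpenSolaris: a small POSIX sh/awk audit of the /etc/user_attr format (user:qualifier:res1:res2:attr, with attr as key=value pairs separated by ";"). The sample entries are constructed, and the name of the all-powerful profile, "Primary Administrator", is an assumption about what the installer grants; substitute whatever your user_attr shows.

```sh
#!/bin/sh
# Added example (not from the thread): audit /etc/user_attr for
#   (a) accounts defined as roles (type=role), which cannot log in directly, and
#   (b) normal accounts that hold a profile granting full privilege via pfexec
#       without a second password.
# The profile name "Primary Administrator" is an assumption; the sample
# user_attr content below is constructed for the example.

# Constructed sample of /etc/user_attr (user:qualifier:res1:res2:attr).
SAMPLE_USER_ATTR='root::::type=role;auths=solaris.*;profiles=All
jack::::type=normal;profiles=Primary Administrator;roles=root
alice::::type=normal;profiles=Basic Solaris User
backup::::type=role;profiles=Media Backup'

# Print the names of accounts defined as roles (type=role).
# $1: user_attr content as a string.
list_roles() {
    printf '%s\n' "$1" | awk -F: '
        $1 !~ /^#/ && $5 ~ /(^|;)type=role(;|$)/ { print $1 }'
}

# Print normal (login-capable) accounts whose "profiles=" list contains the
# profile named in $2 (default: Primary Administrator). Roles are skipped
# because they cannot be logged into directly.
# $1: user_attr content as a string; $2: profile name to look for.
list_pfexec_admins() {
    prof=${2:-Primary Administrator}
    printf '%s\n' "$1" | awk -F: -v p="$prof" '
        $1 !~ /^#/ && $5 !~ /(^|;)type=role(;|$)/ {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] ~ /^profiles=/) {
                    sub(/^profiles=/, "", kv[i])
                    m = split(kv[i], pl, ",")
                    for (j = 1; j <= m; j++) {
                        if (pl[j] == p) print $1
                    }
                }
            }
        }'
}

# Run against the constructed sample when executed directly.
echo "roles:"
list_roles "$SAMPLE_USER_ATTR"
echo "login accounts with full privilege via pfexec:"
list_pfexec_admins "$SAMPLE_USER_ATTR"
```

On a live system, pass `"$(cat /etc/user_attr)"` instead of the sample; any name printed by the second list is, in the sense of the thread, a root account that is still subject only to the login restrictions placed on that ordinary user.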