Jun-ichiro itojun Hagino <itojun@iijlab.net> writes:
> 	when my machine is in trouble, i usually do not have a window where
> 	i log on as root, so i can do very limited troubleshooting (for
> 	instance, i cannot change shlib symlink to older one as "itojun").
>
> 	so - how about adding "su" in rescue binary?  there may be file
> 	size issue (due to addition of password check routine).  or, if
> 	we make "su" runnable by people in wheel group, we can skip password
> 	check? (leaving a room with logged-in terminal has always risk so
> 	it just increases risk factor)

In theory this is not a problem. In practice, there is a problem --
all the binaries in /rescue are in fact the same file, with many
links! To make one of them suid, you would have to make all of them
suid.

However, in theory one could add a /rescue/su that was built by a
different mechanism.

-- 
Perry E. Metzger		perry@piermont.com