Subject: Re: "su" in rescue?
To: Jun-ichiro itojun Hagino <>
From: Perry E. Metzger <>
List: tech-userlevel
Date: 06/23/2004 15:39:59
Jun-ichiro itojun Hagino <> writes:
> 	when my machine is in trouble, i usually do not have a window where
> 	i log on as root, so i can do very limited troubleshooting (for
> 	instance, i cannot change shlib symlink to older one as "itojun").
> 	so - how about adding "su" in rescue binary?  there may be file
> 	size issue (due to addition of password check routine).  or, if
> 	we make "su" runnable by people in wheel group, we can skip password
> 	check? (leaving a room with logged-in terminal has always risk so
> 	it just increases risk factor)

In theory this is not a problem. In practice, there is a problem --
all the binaries in /rescue are in fact the same file, with many
links! To make one of them suid, you would have to make all of them

However, in theory one could add a /rescue/su that was built by a
different mechanism.

Perry E. Metzger