Subject: Re: "su" in rescue?
To: Jun-ichiro itojun Hagino <>
From: Roland C. Dowdeswell <>
List: tech-userlevel
Date: 06/23/2004 16:02:15
On 1088002799 seconds since the Beginning of the UNIX epoch
Jun-ichiro itojun Hagino wrote:

>	so - how about adding "su" in rescue binary?  there may be file
>	size issue (due to addition of password check routine).  or, if
>	we make "su" runnable by people in wheel group, we can skip password
>	check? (leaving a room with logged-in terminal has always risk so
>	it just increases risk factor)

I would feel rather uncomfortable about having a su(1) in /rescue
that did not prompt for a root password, but rather just checked
for membership in the wheel group.  It would in effect remove almost
the entire reason for having a root password to begin with, let
alone the effect on a properly Kerberised environment, etc.

If we do decide to put a su(1) in /rescue, we should try to ensure
that it provides a [not nec. proper] subset of the functionality
of /usr/bin/su and provides said functionality with the same code
as one finds in /usr/bin/su.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/