--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

On Fri, Jun 25, 2004 at 08:54:32AM -0400, Andrew Brown wrote:
> On Thu, Jun 24, 2004 at 11:12:30AM +1000, Luke Mewburn wrote:
> >
> >There will be security concerns in the future if we provided a
> >statically linked (and possibly less functional) /rescue/su once
> >/usr/bin/su supports dynamically linked PAM modules, since users
> >could avoid the PAM policies for /usr/bin/su by running /rescue/su.
>=20
> not to mention the fact that su is suid root and the rest of /rescue
> isn't.

I think some of the problems would be avoided by providing a statically=20
linked /rescue/suroot that can only be used to gain root access ... whatever
you would get by booting into single user mode.

If even this isn't desirable at a site (only allow non-PAM root access if
disconnected from network), /rescue/suroot can be erased.

Regards,
	-is

--=20
seal your e-mail: http://www.gnupg.org/

--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFA3CIhN4tiz3B8hB0RAp6UAJ9qz59mP3aYOdb0ZgThRwPrGwkrWwCgh9n7
VHf0cE4M33v3HENspY96Ybc=
=3R0A
-----END PGP SIGNATURE-----

--+QahgC5+KEYLbs62--