Prevent root to do su to other user

Prevent root to do su to other user

Post by vkp.. » Mon, 18 Dec 2000 02:45:01



I came across a intresting problem and I need
help in this regard.

I initialised a machine as NIS+client ( with only
information of domain-name and NIS+ Server
address ..in fact address is also not needed).
Because of default read only permission for NIS+
maps to group others the unauthenticated client
gets all the maps information.

Now root on this unauthenticated machine can "su"
to any user of the network. Simplest solution to
this problem is not to have read permission to
group others for the NIS+ maps but in this case
old NIS clients can not be part of the NIS+
network as they rely on the read only permission.

I need help to prevent root to do "su" to some
other user or atleast should be prompted for the
user's password the same way user gets promt for
root password for "su" command.

Thanks

Sent via Deja.com
http://www.deja.com/

 
 
 

Prevent root to do su to other user

Post by Logan Sh » Mon, 18 Dec 2000 10:11:52



>Now root on this unauthenticated machine can "su"
>to any user of the network. Simplest solution to
>this problem is not to have read permission to
>group others for the NIS+ maps but in this case
>old NIS clients can not be part of the NIS+
>network as they rely on the read only permission.

>I need help to prevent root to do "su" to some
>other user or atleast should be prompted for the
>user's password the same way user gets promt for
>root password for "su" command.

Sorry, not possible.  There is no way to deny local permissions to
root.  Even if you try, in theory there is always a way for root to
circumvent it.  And if even if you did succeed, root can always watch
what other processes are doing.

The best you can do is to use some form of network authentication so
that the user has to give a password in order to decrypt a key that
allows them access to an NFS filesystem.  But, this *still* does not
prevent root from getting access another's account, since once the user
has authenticated, the root user can "steal" their access by examining
their address space, etc.  Some of this stuff may require writing a
kernel module to accomplish, but that doesn't mean it's not feasible.

The bottom line is, you have to trust root.  No account is truly safe
from any person who has root on a system where that person logs in.
It's only possible to make it truly safe in situations where the user
is authorized to log in, but never does.

  - Logan

 
 
 

Prevent root to do su to other user

Post by Peter Sundstro » Tue, 19 Dec 2000 07:00:28



> I came across a intresting problem and I need
> help in this regard.

> I initialised a machine as NIS+client ( with only
> information of domain-name and NIS+ Server
> address ..in fact address is also not needed).
> Because of default read only permission for NIS+
> maps to group others the unauthenticated client
> gets all the maps information.

> Now root on this unauthenticated machine can "su"
> to any user of the network. Simplest solution to
> this problem is not to have read permission to
> group others for the NIS+ maps but in this case
> old NIS clients can not be part of the NIS+
> network as they rely on the read only permission.

> I need help to prevent root to do "su" to some
> other user or atleast should be prompted for the
> user's password the same way user gets promt for
> root password for "su" command.

You could always install Secure Solaris.
 
 
 

Prevent root to do su to other user

Post by John Riddoc » Tue, 19 Dec 2000 19:39:27



> I need help to prevent root to do "su" to some
> other user or atleast should be prompted for the
> user's password the same way user gets promt for
> root password for "su" command.

While you can (perhaps) prevent su doing this, the Unix system would allow
any root user to write a program to run setuid() to some user ID and then
exec() /bin/sh (or csh, or whatever).  root is god on a machine and can do
pretty much anything, including switch to another user.  Even if you could
set some option to prevent su to another user, root could override it.

--

http://www.scms.rgu.ac.uk/staff/jr/
"I'd change the world but God won't give me the source code" - Anonymous

 
 
 

1. GNU su (was Re: Preventing SU Root)

Quoth Magnus Ahltorp:
: This su does not allow the system admnistrator to keep a 'wheel' group,
: because the author(s) thinks it is not nice to the users if they manage to
: get hold of the root password. Don't ask me why.
                                 ^^^^^^^^^^^^^^^^

The answer is on the man page (excerpts appended).  After reading this, it
sounds like RMS had a bad experience with the wheel group and swore off
it.  But is his problem really widespread?  How many systems really have
"masses" needed to su root to "thwart the coup" of "rulers?"

I have a great deal of respect for RMS/FSF/the GNU ideal, but would be
interested to hear others' comments on this.

        <snip>
       This  program  does  not  support  a  "wheel  group"  that
       restricts  who can su to super-user accounts, because that
       can help fascist system  administrators  hold  unwarranted
       power over other users.

        <snip>
       Why GNU su does not support the wheel group (by Richard Stallman)
       Sometimes a few of the users try to hold total power  over
       all  the  rest.   For example, in 1984, a few users at the
       MIT AI lab decided to seize power by changing the operator
       password  on  the Twenex system and keeping it secret from
       everyone else.  (I was able to thwart this coup  and  give
       power  back  to  the  users  by patching the kernel, but I
       wouldn't know how to do that in Unix.)

       However, occasionally the rulers do tell  someone.   Under
       the usual su mechanism, once someone learns the root pass-
       word who sympathizes with the ordinary users, he can  tell
       the  rest.   The  "wheel  group"  feature  would make this
       impossible, and thus cement the power of the rulers.

       I'm on the side of the masses, not that of the rulers.  If
       you  are  used  to  supporting the bosses and sysadmins in
       whatever they do, you might  find  this  idea  strange  at
       first.

Andrew Fabbro                       | "In Hong Kong, things are so
ITD Marketing Research              |  simple.  Here, there are too


2. i want a script that makes...

3. su to a user then su to root in startup script

4. Hardware recommendations

5. Can I prevent pinging from others and still ping others?

6. Using Apache can I specifically deny a host from logging onto my server?

7. Could su but says BAD SU from normal user to root

8. X Window Dump to GIF, etc.

9. prevent root or others from being fingered?

10. differences between su root and su - root

11. su root: You do not have permission to su root ?

12. Solution: differences between su root and su - root

13. Prevent motd when doing su