|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Simon J. Gerraty (sjg
quick.com.au)Date: Sun Jan 21 2001 - 03:50:11 CST
> OTOH, there's a strong argument to keep something as security-critical
> as su as bone simple as is possible...
I'd prefer to keep it simple. Of course, _simple_ would mean not
doing SU_INDIRECT_GROUP at all, but then if you have > 1024 worth of
names you want to be able to "su root", you lose. Simply increasing
the linelength limit for /etc/group doesn't help for NIS - which is
the main reason I thought of doing it this way.
Some elaboration is warranted in su(8), but I'm not sure how much -
for a feature that will generally be left off. I don't think we even
mention ROOTAUTH at all.
--sjg
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]