[Gllug] SULOG

Paul Nasrat pnasrat at uk.now.com
Fri Nov 2 12:36:45 UTC 2001


On Fri, Nov 02, 2001 at 12:54:00PM +0000, Dean wrote:
> On Fri, Nov 02, 2001 at 11:29:31AM -0000, Jackson, Harry wrote:
> > #! /bin/bash
> > echo $HOME >> /tmp/.suid_log
> > suid
>  
> > This would be easy to get around though but if they ls the bin directory
> 
> It would also be easy to nuke the log file. You'd have to have quite open
> permissions on the log file. I was thinking about something like 600 since
> root is the owner. Thinking about it though you could use chattr +a...

But chattr is only ext2 IIRC.  So there goes your HPUX and Solaris
portability.

Assuming that you can't modify su itself, the most sensible way to do
this would be to write a PAM module for it; HP-UX 11.x, Solaris and Linux
will support this.

I'd suggest you take a look at the PAM_su module which gives the ability
to restrict by group and either modify that to do what you want or use
it as a reference implementation. 

Paul

-- 
"we apologise for any inconvenience" - God's Last Message to His Creation
Courtesy of Douglas Adams
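As an added illustration of the PAM approach Paul suggests (not code from this thread, and not the PAM_su module he refers to), here is a minimal Linux-PAM session module that records who invoked su, which account they became, and from which tty, via syslog. The module name pam_sulog, the record format and the sample values are my own assumptions; the PAM-specific part is compiled only when the PAM headers are present, so the record-formatting logic can be built and checked on its own.

```c
/* Added example: a minimal PAM session module that logs su usage to syslog.
 * Not the PAM_su module from the thread; illustrative only. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Build one log record such as "su: ruser=alice user=root tty=pts/3".
 * Pure function, so it can be exercised without a PAM stack.
 * Returns the record length, or -1 if the buffer is too small. */
int format_su_record(const char *ruser, const char *user, const char *tty,
                     char *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0)
        return -1;
    int n = snprintf(buf, buflen, "su: ruser=%s user=%s tty=%s",
                     (ruser && *ruser) ? ruser : "?",
                     (user  && *user)  ? user  : "?",
                     (tty   && *tty)   ? tty   : "?");
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Convenience wrapper returning a static record, or NULL on failure. */
const char *su_record(const char *ruser, const char *user, const char *tty)
{
    static char rec[256];
    return format_su_record(ruser, user, tty, rec, sizeof rec) > 0 ? rec : NULL;
}

/* The PAM glue is only compiled where <security/pam_modules.h> exists. */
#if defined(__has_include)
#if __has_include(<security/pam_modules.h>)
#define HAVE_PAM 1
#endif
#endif

#ifdef HAVE_PAM
#define PAM_SM_SESSION
#include <security/pam_modules.h>

/* Fetch a string item (PAM_RUSER, PAM_USER, PAM_TTY) or NULL if unset. */
static const char *item_str(pam_handle_t *pamh, int type)
{
    const void *v = NULL;
    if (pam_get_item(pamh, type, &v) != PAM_SUCCESS || v == NULL)
        return NULL;
    return (const char *)v;
}

int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)flags; (void)argc; (void)argv;
    const char *rec = su_record(item_str(pamh, PAM_RUSER),
                                item_str(pamh, PAM_USER),
                                item_str(pamh, PAM_TTY));
    if (rec != NULL) {
        /* LOG_AUTH rather than LOG_AUTHPRIV, for portability beyond Linux. */
        openlog("pam_sulog", LOG_PID, LOG_AUTH);
        syslog(LOG_NOTICE, "%s", rec);
        closelog();
    }
    return PAM_SUCCESS;   /* audit-only: never block the session */
}

int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_SUCCESS;
}
#endif
```

Built as a shared object and installed alongside the other PAM modules, it would be enabled with a line such as `session optional pam_sulog.so` in the su service's PAM configuration (file name and syntax assumed to be Linux-PAM's). Because the record goes to syslog rather than to a file under the user's control, the "nuke the log file" problem from the quoted discussion moves to the syslog destination, which can be root-owned, append-only, or remote.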

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
