On Tue, May 21, 2002 at 01:55:24PM -0500, Dave Sherohman wrote: > On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote: > > Do you check for processes running under your uid every time you run su? > > There's (obviously) something I'm still missing here... Why is that > relevant? su only raises the priviliges of a single session, as can > be readily observed by opeining two xterms, running su in one, and > trying to 'touch /bin/su' in the other. > > The only thing that I can think of is for someone to update your > .bashrc (or whatever) with a line saying "alias su='/bin/su ; > /tmp/do-something-evil'" (or directing su to an equivalent script), > but even that would still be running do-something-evil outside of the > su session and, therefore, as your normal account, not as root.
What about an alias for su to a script that appears to be su but actually logs (or mails) the root password. -- Note that I use Debian version 3.0 Linux emac140 2.4.17 #1 sön feb 10 20:21:22 CET 2002 i686 unknown Hans Ekbrand
pgp8nP81KwX1a.pgp
Description: PGP signature
