[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: su does not recognized root password
From: |
James Youngman |
Subject: |
Re: su does not recognized root password |
Date: |
Mon, 31 Jan 2005 08:53:11 +0000 |
User-agent: |
Mutt/1.3.28i |
On Mon, Jan 31, 2005 at 05:34:24AM +0000, Philip Rowlands wrote:
> Listfolk; is there a reason why su doesn't check for "root"-iness before
> jumping into the password prompt or PAM routines? By comparing EUID vs
> UID or somesuch?
In the general case it might be hard to determine that. For example,
setuid() can succeed if the caller has the CAP_SETUID capability
(either because the calling user has CAP_SETUID or because the "su"
binary somehow has the CAP_SETUID capability set). They don't need to
be root. Of course, if they're not root but do have CAP_SETUID, su
will still ask for a password (su asks for a password unless the real
user ID is 0 or the target user has no password).
I don't know, though, of any GNU systems that actually have a way of
associating a file capability set with a file.
Regards,
James.