This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
First Last Prev Next    This bug is not in your last search results.
Bug 7517 - Use of su from a remote login is a possible security risk
Use of su from a remote login is a possible security risk
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: sh-utils (Show other bugs)
6.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: bero
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-12-02 13:05 EST by Ted Knupke
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-02-03 13:40:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Ted Knupke 1999-12-02 13:05:59 EST 
It is possible for a remote user to log into root via su even when
/etc/security/access.conf is set up to deny access to root from remote
locations.  (I am not sure whether this is a problem with su or with pam.)
Comment 1 Elliot Lee 2000-02-03 13:40:59 EST 
This is the normal, expected behaviour. If you wish to deny root shells at all
from remote hosts, you can change your PAM configuration to use the
pam_securetty module for the 'su' service.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.