At 09:35 AM 12/19/2004, you wrote: > > You could change the permissions on the su binary, so that only users > in the wheel group can even > > execute su. that way, when a non-wheel user attempts to su to a user in > the wheel group, they simply > > get permission denied. > >This is a really good idea. I decided to try it as root and chmod gave me >chmod: su: Operation Not Permitted! The nerve! I'll have to have a look >at that more carefully later :) Yes, I like this idea too. I'll try it for sure. >As a side note, I think Bill's point about 2 passwords to break is pretty >strong in my point of view. Just for simplicity's sake (in both security >and in design), "the su stack" really shouldn't be any larger than 1. No >su'ing twice, or N number of times. That could be useful option too. >Hmm, I wonder if there is an option >for setting that. I suppose someone might have a purpose to, but if they >really need to be doing that, I think they have a problem in their own >designs. Anyway, thanks for all who read my annoying email and responded :) Still I don't know yet how hacker got into the system, but I'll try my best and I hope I will find more in hacked PC in next couple of days. thanks a lot, Ganbold >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"