To: None <>
From: Simon J. Gerraty <>
List: tech-security
Date: 01/21/2001 01:50:11
> OTOH, there's a strong argument to keep something as security-critical
> as su as bone simple as is possible...

I'd prefer to keep it simple.  Of course, _simple_ would mean not
doing SU_INDIRECT_GROUP at all, but then if you have > 1024 worth of
names you want to be able to "su root", you lose.  Simply increasing
the linelength limit for /etc/group doesn't help for NIS - which is
the main reason I thought of doing it this way.

Some elaboration is warranted in su(8), but I'm not sure how much -
for a feature that will generally be left off.  I don't think we even
mention ROOTAUTH at all.
