SU vs. ssh root at host

Gert Doering gert at greenie.muc.de
Sat Feb 24 21:52:56 EST 2001


Hi,

On Fri, Feb 23, 2001 at 06:12:31PM -0800, Dan Kaminsky wrote:
>     su cannot be run without trusting the shell.  The shell cannot be
> trusted without trusting any instructions the shell uses, from library calls
> to rc scripts.  Hell, the instructions the shell uses can't even be trusted,
> since they're all living in userspace memory.
> 
>     By contrast, SSHD is generally a root owned, highly secure environment
> with no unprivileged userspace dependencies.

I can't really follow that reasoning.

 - su is a root owned, suid program, which is much smaller than sshd, so
   it is less prone to have errors

 - sshd needs to run a user shell after login, so the shell dependency 
   is there as well.

What am I missing?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de





More information about the openssh-unix-dev mailing list