From owner-freebsd-security Thu Sep 21 19:21:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from proxy.OBK.ru (ovk.barrt.ru [194.84.233.130]) by hub.freebsd.org (Postfix) with ESMTP id A0D3937B424 for ; Thu, 21 Sep 2000 19:21:30 -0700 (PDT) Received: from localhost (subs@localhost) by proxy.OBK.ru (8.9.3/8.9.3) with ESMTP id JAA22761 for ; Fri, 22 Sep 2000 09:26:54 +0700 (NOVST) (envelope-from subs@proxy.obk.ru) Date: Fri, 22 Sep 2000 09:26:54 +0700 (NOVST) From: "Yuri A. Wolf" To: freebsd-security@FreeBSD.org Subject: I thinked it is fixed Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Greetings! May be it's not a big bug, but I think important for security, that's why I sent it here: 1. Login normally as root 2. Do the next #/usr/bin/login -f userx Now I'm non-root user 'userx'. 3. Exit back $^D # Now I'm root, right? But try to do "who", "who am i", "finger", they all say 'userx'. Althou "whoami" works correctly, shows 'root'. I'm agree absolutely that normally hacker can't be a root, but it's possible to hide himself as non-root user if he gained root access... I noted it in 3.4, but I thinked it is fixed in 4.x. Yesterday I tested it on 4.1, result was the same. I asked to test it on Linux, and they said it shows correctly at last step, ie 'root'. Please, guide me if I'm wrong. Thanks, Yuri. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message