Date: Sun, 23 Feb 1997 14:57:41 +0100 (MET) From: Guido van Rooij <guido@gvr.win.tue.nl> To: joerg_wunsch@uriah.heep.sax.de Cc: mpp@freefall.freebsd.org, freebsd-bugs@freefall.freebsd.org Subject: Re: bin/1882 Message-ID: <199702231357.OAA17308@gvr.win.tue.nl> In-Reply-To: <Mutt.19970223140140.j@uriah.heep.sax.de> from J Wunsch at "Feb 23, 97 02:01:40 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
J Wunsch wrote: > As Guido van Rooij wrote: > > > > (I don't thinkt it's a security flaw, since the default /etc/group > > > ships with just root in group wheel.) > > > > Neither do I. The behaviour has always been that if wheel is empty, > > su will be possible for anyone. > > Are you sure? The PR (see subject) seems to tell otherwise, and even > suggests a patch to get exact this behaviour. > I'm sorry. There has been confusion by me on exactly what was the problem. Indeed, the PR is correct. The behaviour is wrong: an empty wheel group means: let anyone be able to su, whereas the implementation is otherwise. I think the patch is correct. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702231357.OAA17308>