Date: Thu, 14 Jan 1999 21:44:34 +0100 (CET) From: xaa@xaa.iae.nl To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/9495: su doesn't check login.conf's shell and its validity Message-ID: <19990114204434.9A3BC965E@toad.stack.nl>
next in thread | raw e-mail | index | archive | help
>Number: 9495 >Category: bin >Synopsis: su doesn't look at login.cnf all the time >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 14 12:50:00 PST 1999 >Closed-Date: >Last-Modified: >Originator: Mark Huizer >Release: FreeBSD 2.2.7-STABLE i386 >Organization: MCGV Stack >Environment: 2.2.7 (and current as well) >Description: if a user is given an illegal shell in /etc/login.conf (e.g. for a login class called 'lockout'), su will happily su to that user. This should not be allowed if a mortal user su's to another mortal user. >How-To-Repeat: create loginclass with e.g. /bin/false as shell, su to that user, yeah... >Fix: see Q&D patch to su.c: 355a356,360 > #ifdef LOGIN_CAP > if (!chshell(login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell)) && ruid) > errx(1, "permission denied (shell)."); > else > #endif 366a372 > >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990114204434.9A3BC965E>