Date: Fri, 25 Sep 1998 11:31:08 -0400 (EDT) From: spork <spork@super-g.com> To: Andrzej Szydlo <andrzej@maciek.gv.edu.pl> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Checking for uids 0 in /etc/security Message-ID: <Pine.BSF.4.00.9809251128570.23840-100000@super-g.inch.com> In-Reply-To: <Pine.BSF.3.96.980924133020.1141A-100000@maciek.gv.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
As long as you've verified that uid "000" is taken as uid "0", why don't you use send-pr to file this as a bug. Someone will most likely commit this for you. Attach a diff with your fixes after checking that it hasn't already been fixed (http://www.freebsd.org/cgi/cvsweb.cgi). Nice catch! Charles --- Charles Sprickman spork@super-g.com On Thu, 24 Sep 1998, Andrzej Szydlo wrote: > Hi, > > I've just noticed that /etc/security checks for strings "0" in the uid > field of the master.passwd file. > > awk 'BEGIN {FS=":"} $3=="0" {print $1, $3}' /etc/master.passwd > ^^^^^^ > In this way it doesn't notice entries like this: > > myroot:xxxx:000:000:.... > > while such an entry still gives uid 0. > Changing this line to: > > awk 'BEGIN {FS=":"} $3==0 {print $1, $3}' /etc/master.passwd > ^^^^^ > solves the problem. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.00.9809251128570.23840-100000>