From owner-freebsd-security  Fri Sep 25 09:37:40 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA28760
          for freebsd-security-outgoing; Fri, 25 Sep 1998 09:37:40 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA28742
          for <freebsd-security@FreeBSD.ORG>; Fri, 25 Sep 1998 09:37:34 -0700 (PDT)
          (envelope-from nash@Jupiter.Mcs.Net)
Received: from Jupiter.Mcs.Net (nash@Jupiter.mcs.net [192.160.127.88]) by Kitten.mcs.com (8.8.7/8.8.2) with ESMTP id LAA17670; Fri, 25 Sep 1998 11:37:28 -0500 (CDT)
Received: (from nash@localhost) by Jupiter.Mcs.Net (8.8.7/8.8.2) id LAA13061; Fri, 25 Sep 1998 11:37:27 -0500 (CDT)
Message-ID: <19980925113727.A9163@Mcs.Net>
Date: Fri, 25 Sep 1998 11:37:27 -0500
From: Alex Nash <nash@mcs.net>
To: Andrzej Szydlo <andrzej@maciek.gv.edu.pl>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Checking for uids 0 in /etc/security
Mail-Followup-To: Andrzej Szydlo <andrzej@maciek.gv.edu.pl>,
	freebsd-security@FreeBSD.ORG
References: <19980925095238.A20899@mcs.net> <Pine.BSF.3.96.980924182059.3540A-100000@maciek.gv.edu.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <Pine.BSF.3.96.980924182059.3540A-100000@maciek.gv.edu.pl>; from Andrzej Szydlo on Thu, Sep 24, 1998 at 06:26:14PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Sep 24, 1998 at 06:26:14PM +0200, Andrzej Szydlo wrote:
> On Fri, 25 Sep 1998, Alex Nash wrote:
> 
> > On Thu, Sep 24, 1998 at 01:42:10PM +0000, Andrzej Szydlo wrote:
> > > I've just noticed that /etc/security checks for strings "0" in the uid
> > > field of the master.passwd file. 
> > 
> > This was fixed in July with the following revisions:
> > 
> >    3.0-current           1.25
> >    2.2-stable (2.2.7R)   1.16.2.6
> 
> I'm running 2.2.7-STABLE, but CVSuped it from 2.2.6-RELEASE (last cvsup
> yesterday) and my /etc/security file version is 1.16.2.4. Does it mean
> CVSup doesn't solve such problems or I'm doing something wrong?

'make world' (or equivalent) won't upgrade /etc/security.  Assuming
you haven't modified /etc/security, the simplest thing is to do is:

    cp /usr/src/etc/security /etc

Alex

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message