From owner-freebsd-bugs  Mon Jun 17  4:30:14 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id D8E5C37B42C
	for <freebsd-bugs@hub.freebsd.org>; Mon, 17 Jun 2002 04:30:06 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g5HBU6S99125;
	Mon, 17 Jun 2002 04:30:06 -0700 (PDT)
	(envelope-from gnats)
Date: Mon, 17 Jun 2002 04:30:06 -0700 (PDT)
Message-Id: <200206171130.g5HBU6S99125@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Simon 'corecode' Schubert" <corecode@corecode.ath.cx>
Subject: Re: misc/39382: Passwd will not work when root su's into a user.
Reply-To: "Simon 'corecode' Schubert" <corecode@corecode.ath.cx>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/39382; it has been noted by GNATS.

From: "Simon 'corecode' Schubert" <corecode@corecode.ath.cx>
To: Dan Mahoney <freebsdbugs@gushi.org>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/39382: Passwd will not work when root su's into a user.
Date: Mon, 17 Jun 2002 13:20:31 +0200

 --=.s,B'KT2.ZU)cx_
 Content-Type: text/plain; charset=US-ASCII
 Content-Transfer-Encoding: 7bit
 
 On Sun, 16 Jun 2002 15:48:05 -0700 (PDT) Dan Mahoney wrote:
 > >Description:
 >       When root su's down to another account, even using -l to
 >       simulate a full login, they are unable to try to use passwd (as
 >       the user) to change their password, because passwd apparently
 >       checks realuid, and not effectiveuid.  This also breaks usermin,
 >       which runs as a normal user, and has a password change module
 >       that uses passwd.
 
 this is not true. it cannot check the effective id because this is
 always changed to 0 (suid root!).
 passwd(1) checks the login name with getlogin(). this is the only one
 and true[tm] way to support different accounts with the same UID (for
 example personalized root accounts etc).
 besides, su'ing only to change a passwd seems overkill.
 
 cheerz
   simon
 
 -- 
 /"\   http://corecode.ath.cx/#donate
 \ /
  \     ASCII Ribbon Campaign
 / \  Against HTML Mail and News
 
 --=.s,B'KT2.ZU)cx_
 Content-Type: application/pgp-signature
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.7 (FreeBSD)
 
 iD8DBQE9DcYCr5S+dk6z85oRAhQ/AKDCP0w8nidBHDZdHuKl/+b3wv3MAgCg/WvT
 v686kER54rwKH+1DD7HQF+4=
 =SPWt
 -----END PGP SIGNATURE-----
 
 --=.s,B'KT2.ZU)cx_--
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message