Date: Thu, 11 Jul 2013 12:50:01 GMT From: dfilter@FreeBSD.ORG (dfilter service) To: freebsd-doc@FreeBSD.org Subject: Re: docs/167741: commit references a PR Message-ID: <201307111250.r6BCo1ZM079445@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/167741; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: docs/167741: commit references a PR Date: Thu, 11 Jul 2013 12:47:19 +0000 (UTC) Author: des Date: Thu Jul 11 12:47:06 2013 New Revision: 253205 URL: http://svnweb.freebsd.org/changeset/base/253205 Log: MFH (r246553): document and explain need for setuid bit. PR: docs/167741 Modified: stable/9/usr.bin/newgrp/newgrp.1 stable/9/usr.bin/newgrp/newgrp.c Directory Properties: stable/9/usr.bin/newgrp/ (props changed) Modified: stable/9/usr.bin/newgrp/newgrp.1 ============================================================================== --- stable/9/usr.bin/newgrp/newgrp.1 Thu Jul 11 12:46:35 2013 (r253204) +++ stable/9/usr.bin/newgrp/newgrp.1 Thu Jul 11 12:47:06 2013 (r253205) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2002 +.Dd February 8, 2013 .Dt NEWGRP 1 .Os .Sh NAME @@ -90,6 +90,15 @@ A utility appeared in .At v6 . .Sh BUGS +For security reasons, the +.Nm +utility is normally installed without the setuid bit. +To enable it, run the following command: +.Bd -literal -offset indent +chmod u+s /usr/bin/newgrp +.Ed +.Pp Group passwords are inherently insecure as there is no way to stop -users obtaining the crypted passwords from the group database. +users obtaining the password hash from the group database. Their use is discouraged. +Instead, users should simply be added to the necessary groups. Modified: stable/9/usr.bin/newgrp/newgrp.c ============================================================================== --- stable/9/usr.bin/newgrp/newgrp.c Thu Jul 11 12:46:35 2013 (r253204) +++ stable/9/usr.bin/newgrp/newgrp.c Thu Jul 11 12:47:06 2013 (r253205) @@ -73,7 +73,8 @@ main(int argc, char *argv[]) { int ch, login; - euid = geteuid(); + if ((euid = geteuid()) != 0) + warnx("need root permissions to function properly, check setuid bit"); if (seteuid(getuid()) < 0) err(1, "seteuid"); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307111250.r6BCo1ZM079445>