From owner-freebsd-bugs  Sun Feb 23 04:29:41 1997
Return-Path: <owner-bugs>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id EAA07849
          for bugs-outgoing; Sun, 23 Feb 1997 04:29:41 -0800 (PST)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA07842;
          Sun, 23 Feb 1997 04:29:36 -0800 (PST)
Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id NAA16824; Sun, 23 Feb 1997 13:29:27 +0100 (MET)
From: Guido van Rooij <guido@gvr.win.tue.nl>
Message-Id: <199702231229.NAA16824@gvr.win.tue.nl>
Subject: Re: bin/1882
In-Reply-To: <Mutt.19970223015009.j@uriah.heep.sax.de> from J Wunsch at "Feb 23, 97 01:50:09 am"
To: joerg_wunsch@uriah.heep.sax.de
Date: Sun, 23 Feb 1997 13:29:27 +0100 (MET)
Cc: mpp@freefall.freebsd.org, guido@freebsd.org,
        freebsd-bugs@freefall.freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

J Wunsch wrote:
> Btw., as i've read in NetBSD's recent ``What's new?'', they decided to
> special-case this one as ``anybody's allowed to su root''.  Just one
> point to consider.
> 

You mean they specified it in the manpage of su?

> (I don't thinkt it's a security flaw, since the default /etc/group
> ships with just root in group wheel.)

Neither do I. The behaviour has always been that if wheel is empty,
su will be possible for anyone.

-Guido