From owner-freebsd-bugs Fri Jul 18 11:40:15 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id LAA08959
    for bugs-outgoing; Fri, 18 Jul 1997 11:40:15 -0700 (PDT)
Received: (from gnats@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id LAA08918;
    Fri, 18 Jul 1997 11:40:06 -0700 (PDT)
Resent-Date: Fri, 18 Jul 1997 11:40:06 -0700 (PDT)
Resent-Message-Id: <199707181840.LAA08918@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, traister@mojozone.org
Received: from manta.mojozone.org (root@dfbfl1-6.gate.net [198.206.135.133])
    by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA08215
    for ; Fri, 18 Jul 1997 11:30:02 -0700 (PDT)
Received: (from traister@localhost)
    by manta.mojozone.org (8.8.6/8.8.6) id OAA00561;
    Fri, 18 Jul 1997 14:29:57 -0400 (EDT)
Message-Id: <199707181829.OAA00561@manta.mojozone.org>
Date: Fri, 18 Jul 1997 14:29:57 -0400 (EDT)
From: Joe Traister
Reply-To: traister@mojozone.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/4116: kerberized login as .root fails
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 4116
>Category: bin
>Synopsis: Kerberized login as .root fails to become root
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 18 11:40:03 PDT 1997
>Last-Modified:
>Originator: Joe Traister
>Organization: None
>Release: FreeBSD 2.2.2-RELEASE i386
>Environment:
Kerberos installed, configured and running.
>Description:
When logging in as a .root principal, the login is subjected to the same tty tests as root, allowed to log in when /etc/nologin exists, the Kerberos ticket file is created as /tmp/tkt_root_, and a root login is syslog'ed, but you don't become root. This is a problem only when LOGIN_CAP is defined during compile.
The non-LOGIN_CAP code does everything as the user and then does the final setuid() to 0 if it's a root login, but the LOGIN_CAP code simply does a setusercontext() to the user. This is fixed very simply by including a check for rootlogin and passing setusercontext() a 0 uid instead of the user's uid.
>How-To-Repeat:
Log in as a .root principal on a kerberized box.
>Fix:
Change

    if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) {

to

    if (setusercontext(lc, pwd, rootlogin ? 0 : pwd->pw_uid, LOGIN_SETALL) != 0) {

in login.c in the main() function.
>Audit-Trail:
>Unformatted:
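
An added example, not part of the original report or of FreeBSD's login.c: a check that could run after the credential switch, so that a login treated as root (tty tests, ticket file, syslog entry) cannot proceed under a different uid. All function names here are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* uid the session must end up with: 0 for a .root login, otherwise the
 * user's own uid (the same selection the fix passes to setusercontext()). */
uid_t expected_uid(int rootlogin, uid_t pw_uid)
{
    return rootlogin ? (uid_t)0 : pw_uid;
}

/* 1 if both the real and effective uid equal `want`, 0 otherwise. */
int creds_match(uid_t want)
{
    return getuid() == want && geteuid() == want;
}

/* Intended to be called after the credential switch and before the shell
 * is exec'ed. Returns 0 when the process identity matches the login
 * decision, -1 when it does not, so the caller can refuse the login. */
int verify_session_identity(int rootlogin, uid_t pw_uid)
{
    uid_t want = expected_uid(rootlogin, pw_uid);

    if (!creds_match(want)) {
        fprintf(stderr,
            "login: expected uid %lu, running as uid %lu/euid %lu\n",
            (unsigned long)want, (unsigned long)getuid(),
            (unsigned long)geteuid());
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed case: an ordinary (non-root) login for the current user. */
    return verify_session_identity(0, getuid()) == 0 ? 0 : 1;
}
```

With the unfixed LOGIN_CAP path, a .root login would reach this check with rootlogin set but the user's uid in effect, and the check would return -1.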