From owner-freebsd-bugs Sun Feb 23 05:57:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA10815 for bugs-outgoing; Sun, 23 Feb 1997 05:57:55 -0800 (PST) Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA10808; Sun, 23 Feb 1997 05:57:50 -0800 (PST) Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id OAA17308; Sun, 23 Feb 1997 14:57:41 +0100 (MET) From: Guido van Rooij Message-Id: <199702231357.OAA17308@gvr.win.tue.nl> Subject: Re: bin/1882 In-Reply-To: from J Wunsch at "Feb 23, 97 02:01:40 pm" To: joerg_wunsch@uriah.heep.sax.de Date: Sun, 23 Feb 1997 14:57:41 +0100 (MET) Cc: mpp@freefall.freebsd.org, freebsd-bugs@freefall.freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk J Wunsch wrote: > As Guido van Rooij wrote: > > > > (I don't thinkt it's a security flaw, since the default /etc/group > > > ships with just root in group wheel.) > > > > Neither do I. The behaviour has always been that if wheel is empty, > > su will be possible for anyone. > > Are you sure? The PR (see subject) seems to tell otherwise, and even > suggests a patch to get exact this behaviour. > I'm sorry. There has been confusion by me on exactly what was the problem. Indeed, the PR is correct. The behaviour is wrong: an empty wheel group means: let anyone be able to su, whereas the implementation is otherwise. I think the patch is correct. -Guido