From owner-freebsd-current@FreeBSD.ORG  Thu Oct 21 16:56:39 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C4A3916A4CE
	for <freebsd-current@FreeBSD.org>;
	Thu, 21 Oct 2004 16:56:39 +0000 (GMT)
Received: from obsecurity.dyndns.org
	(CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.194.102.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9F90243D2D
	for <freebsd-current@FreeBSD.org>;
	Thu, 21 Oct 2004 16:56:39 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 590DA529DD; Thu, 21 Oct 2004 09:56:44 -0700 (PDT)
Date: Thu, 21 Oct 2004 09:56:44 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Roman Kennke <roman@ontographics.com>
Message-ID: <20041021165644.GA9901@xor.obsecurity.org>
References: <1098363412.1562.2.camel@moonlight>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o"
Content-Disposition: inline
In-Reply-To: <1098363412.1562.2.camel@moonlight>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-current@FreeBSD.org
Subject: Re: Error in /etc/pam.d/su ??
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2004 16:56:39 -0000


--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 21, 2004 at 02:56:52PM +0200, Roman Kennke wrote:
> Hi there,
>=20
> I just upgraded RELENG_5. Now it seems, that su lets me into root
> without a passwd.
> Checking /etc/pam.d/su it seems that there is an include control flag,
> which isn't recognized:
>=20
> auth            include         system
> account         include         system
>=20
> I suppose this must be changed to required or requisite? I am no PAM
> expert, but this seems like a serious bug to me.

If it's not recognized on your system, you haven't done a complete
upgrade to RELENG_5 - it's been recognized there for a long time now.

Kris

--IS0zKkzwUGydFO0o
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBd+pLWry0BWjoQKURAhv0AKC1wyqrM2pnFA2vpDMRqXyBco3wGgCdGyuc
AQOCh1BaqZvl4ZPKCjvu08E=
=mDFQ
-----END PGP SIGNATURE-----

--IS0zKkzwUGydFO0o--