Date: Tue, 31 Jul 2001 12:39:37 +0100 (BST)
From: Joshua Goodall <joshua@roughtrade.net>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Sheldon Hearn <sheldonh@starjuice.net>, Kris Kennaway <kris@obsecurity.org>, <current@FreeBSD.ORG>, <markm@freebsd.org>
Subject: Re: su root broken in -CURRENT
Message-ID: <Pine.LNX.4.33.0107311149530.29718-100000@elm.phenome.org>
In-Reply-To: <3B668AC1.BAC483AD@mindspring.com>

On Tue, 31 Jul 2001, Terry Lambert wrote:

> The reason for this is that the pam code for doing the enforcement
> is being trusted utterly. In the past, we would consider both
> the primary group (the group from the passwd file entry), and the
> auxiliary groups (the groups from the groups file entries, if any),
> as synonymous. With the pam code being used, we no longer consider
> the primary group to be on the same par as the groups file entries.

I can pin this down at r1.26 of su.c
(Mon May 25 03:34:52 1998 UTC (3 years, 2 months ago) by steve)

Prior to this date only appearance in /etc/group was considered.
The change occurred in response to PR bin/6696

Like Terry, I prefer the semantics whereby the user's primary group is
considered. Three years of precedent should be sufficient to have this
change to pam_wheel.c, I hope, before PAM use in su is MFC'd.

I have just entered a PR on this.

cc'd to: markm

Joshua

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
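
The two membership semantics discussed in this message, shown side by side as an added example; it is not part of the original e-mail and is not code from su.c or pam_wheel.c. The function names `listed_in_group` and `member_incl_primary` are hypothetical, and the passwd and group entries are constructed sample data.

```c
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Group-file-only semantics: the user counts as a member only when the
 * name appears in the member list of the group entry (/etc/group). */
static bool listed_in_group(const struct group *gr, const char *user)
{
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return true;
    return false;
}

/* Primary-group semantics: the gid in the user's passwd entry is treated
 * as equivalent to being listed in the group entry. */
static bool member_incl_primary(const struct passwd *pw, const struct group *gr)
{
    return pw->pw_gid == gr->gr_gid || listed_in_group(gr, pw->pw_name);
}

/* Constructed sample data (hypothetical users, not taken from the thread). */
static char *wheel_members[] = { "root", "alice", NULL };
static struct group wheel = { .gr_name = "wheel", .gr_gid = 0,
                              .gr_mem = wheel_members };
/* alice: listed in the wheel entry, primary gid is her own group */
static struct passwd alice = { .pw_name = "alice", .pw_uid = 1001, .pw_gid = 1001 };
/* bob: primary gid is wheel, but not listed in the wheel entry */
static struct passwd bob = { .pw_name = "bob", .pw_uid = 1002, .pw_gid = 0 };
/* carol: neither */
static struct passwd carol = { .pw_name = "carol", .pw_uid = 1003, .pw_gid = 1003 };

int main(void)
{
    const struct passwd *users[] = { &alice, &bob, &carol };

    printf("%-6s %-16s %s\n", "user", "group-file-only", "incl-primary");
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-6s %-16s %s\n", users[i]->pw_name,
               listed_in_group(&wheel, users[i]->pw_name) ? "allow" : "deny",
               member_incl_primary(users[i], &wheel) ? "allow" : "deny");
    return 0;
}
```

The two checks disagree only for the user whose passwd entry names wheel as primary group without a matching line in the group file, which is the case this thread is about.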