Date: Tue, 31 Jul 2001 12:39:37 +0100 (BST)
From: Joshua Goodall
To: Terry Lambert
Cc: Sheldon Hearn, Kris Kennaway
Subject: Re: su root broken in -CURRENT
In-Reply-To: <3B668AC1.BAC483AD@mindspring.com>

On Tue, 31 Jul 2001, Terry Lambert wrote:

> The reason for this is that the pam code for doing the enforcement
> is being trusted utterly. In the past, we would consider both
> the primary group (the group from the passwd file entry), and the
> auxiliary groups (the groups from the groups file entries, if any),
> as synonymous. With the pam code being used, we no longer consider
> the primary group to be on the same par as the groups file entries.

I can pin this down at r1.26 of su.c
(Mon May 25 03:34:52 1998 UTC (3 years, 2 months ago) by steve)

Prior to this date only appearance in /etc/group was considered.
The change occurred in response to PR bin/6696.

Like Terry, I prefer the semantics whereby the user's primary group
is considered. Three years of precedent should be sufficient to have
this change to pam_wheel.c, I hope, before PAM use in su is MFC'd.

I have just entered a PR on this.

cc'd to: markm

Joshua
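
The two membership semantics discussed in this thread, side by side, as an added example that is not part of the original message and is not code from su.c or pam_wheel.c. The function names and the sample users and group are constructed for illustration.

```c
#include <grp.h>
#include <pwd.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: only names in the group's member list count
 * (the "appearance in /etc/group" semantics described in the message). */
static int listed_in_group(const struct passwd *pw, const struct group *gr)
{
    if (pw == NULL || gr == NULL || gr->gr_mem == NULL)
        return 0;
    for (char **m = gr->gr_mem; *m != NULL; m++)
        if (strcmp(*m, pw->pw_name) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: the primary group from the passwd entry counts
 * as well as the member list. */
static int in_group_or_primary(const struct passwd *pw, const struct group *gr)
{
    if (pw == NULL || gr == NULL)
        return 0;
    return pw->pw_gid == gr->gr_gid || listed_in_group(pw, gr);
}

/* Constructed sample data: wheel (gid 0) lists root and alice only. */
static char *wheel_members[] = { "root", "alice", NULL };
static struct group wheel = { .gr_name = "wheel", .gr_gid = 0,
                              .gr_mem = wheel_members };
static struct passwd alice = { .pw_name = "alice", .pw_gid = 1001 }; /* listed */
static struct passwd bob   = { .pw_name = "bob",   .pw_gid = 0 };    /* primary only */
static struct passwd carol = { .pw_name = "carol", .pw_gid = 1003 }; /* neither */

int main(void)
{
    const struct passwd *users[] = { &alice, &bob, &carol };
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-6s member-list-only=%d with-primary-group=%d\n",
               users[i]->pw_name,
               listed_in_group(users[i], &wheel),
               in_group_or_primary(users[i], &wheel));
    return 0;
}
```

The user whose only link to wheel is the gid in the passwd entry (bob here) is the case on which the two semantics disagree.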