Date: Tue, 31 Jul 2001 19:01:38 +0100 From: Mark Murray <mark@grondar.za> To: Joshua Goodall <joshua@roughtrade.net> Cc: Terry Lambert <tlambert2@mindspring.com>, Sheldon Hearn <sheldonh@starjuice.net>, Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.ORG, markm@FreeBSD.ORG Subject: Re: su root broken in -CURRENT Message-ID: <200107311801.f6VI1cP06966@grimreaper.grondar.za> In-Reply-To: <Pine.LNX.4.33.0107311149530.29718-100000@elm.phenome.org> ; from Joshua Goodall <joshua@roughtrade.net> "Tue, 31 Jul 2001 12:39:37 BST." References: <Pine.LNX.4.33.0107311149530.29718-100000@elm.phenome.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I have the PR, and I will fix this :-) M > > On Tue, 31 Jul 2001, Terry Lambert wrote: > > > The reason for this is that the pam code for doing the enforcement > > is being trusted utterly. In the past, we would consider both > > the primary group (the group from the passwd file entry), and the > > auxillary groups (the groups from the groups file entries, if any), > > as synonymous. With the pam code being used, we no longer consider > > the primary group to be on the same par as the groups file entries. > > I can pin this down at r1.26 of su.c > (Mon May 25 03:34:52 1998 UTC (3 years, 2 months ago) by steve) > > Prior to this date only appearance in /etc/group was considered. > > The change occurred in response to PR bin/6696 > > Like terry, I prefer the semantics whereby the users primary > group is considered. Three years of precedent should be sufficient > to have this change to pam_wheel.c, I hope, before PAM use in su > is MFC'd. > > I have just entered a PR on this. > > cc'd to: markm > > Joshua > > -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107311801.f6VI1cP06966>