From owner-freebsd-current  Tue Jul 31 11: 4:13 2001
Delivered-To: freebsd-current@freebsd.org
Received: from arb.arb.za.net (arb.arb.za.net [196.7.148.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2282E37B401; Tue, 31 Jul 2001 11:04:04 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: (from uucp@localhost)
	by arb.arb.za.net (8.11.3/8.11.3) with UUCP id f6VI3JN22008;
	Tue, 31 Jul 2001 20:03:19 +0200 (SAST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (mark@localhost [127.0.0.1])
	by grimreaper.grondar.za (8.11.4/8.11.4) with ESMTP id f6VI1cP06966;
	Tue, 31 Jul 2001 19:01:39 +0100 (BST)
	(envelope-from mark@grondar.za)
Message-Id: <200107311801.f6VI1cP06966@grimreaper.grondar.za>
To: Joshua Goodall <joshua@roughtrade.net>
Cc: Terry Lambert <tlambert2@mindspring.com>,
	Sheldon Hearn <sheldonh@starjuice.net>,
	Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.ORG,
	markm@FreeBSD.ORG
Subject: Re: su root broken in -CURRENT 
References: <Pine.LNX.4.33.0107311149530.29718-100000@elm.phenome.org> 
In-Reply-To: <Pine.LNX.4.33.0107311149530.29718-100000@elm.phenome.org> ; from Joshua Goodall <joshua@roughtrade.net>  "Tue, 31 Jul 2001 12:39:37 BST."
Date: Tue, 31 Jul 2001 19:01:38 +0100
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

I have the PR, and I will fix this :-)

M

> 
> On Tue, 31 Jul 2001, Terry Lambert wrote:
> 
> > The reason for this is that the pam code for doing the enforcement
> > is being trusted utterly.  In the past, we would consider both
> > the primary group (the group from the passwd file entry), and the
> > auxillary groups (the groups from the groups file entries, if any),
> > as synonymous.  With the pam code being used, we no longer consider
> > the primary group to be on the same par as the groups file entries.
> 
> I can pin this down at r1.26 of su.c
> (Mon May 25 03:34:52 1998 UTC (3 years, 2 months ago) by steve)
> 
> Prior to this date only appearance in /etc/group was considered.
> 
> The change occurred in response to PR bin/6696
> 
> Like terry, I prefer the semantics whereby the users primary
> group is considered. Three years of precedent should be sufficient
> to have this change to pam_wheel.c, I hope, before PAM use in su
> is MFC'd.
> 
> I have just entered a PR on this.
> 
> cc'd to: markm
> 
> Joshua
> 
> 
-- 
Mark Murray
Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message