Date: Wed, 8 Jul 1998 20:48:12 +0100 (IST) From: rotel@indigo.ie To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7218: /etc/security does not detect uid 0 correctly Message-ID: <199807081948.UAA01556@indigo.ie>
index | next in thread | raw e-mail
>Number: 7218
>Category: bin
>Synopsis: /etc/security does not detect uid 0 correctly
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 8 13:00:01 PDT 1998
>Last-Modified:
>Originator: Niall Smart
>Organization:
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
>Description:
Michal Listos <mcl@Amnesiac.123.org> originally submitted this.
The /etc/security script does not detect uid's of zero correctly
because it uses a string mode comparison thus new root users with
the uid specified as "00" will not be detected. Doh.
OpenBSD's /etc/security looks very complete if anyone fancies
merging some of their good ideas.
>How-To-Repeat:
>Fix:
*** security~ Sat Jun 27 12:13:59 1998
--- security Wed Jul 8 20:38:28 1998
***************
*** 52,54 ****
echo "checking for uids of 0:"
! awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
--- 52,54 ----
echo "checking for uids of 0:"
! awk -F: '$3 == 0 {print $1,$3}' /etc/master.passwd
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807081948.UAA01556>