Message-Id: <199806132351.IAA20433@ordin.mikage.t-cnet.or.jp>
Date: Sun, 14 Jun 1998 08:51:54 +0900 (JST)
From: issei@mikage.t-cnet.or.jp
Reply-To: issei@mikage.t-cnet.or.jp
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/6941: su doesn't see user's login group.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 6941
>Category: bin
>Synopsis: User cannot su to root even if his login group is wheel.
>Confidential: yes
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 13 17:00:00 PDT 1998
>Last-Modified:
>Originator: Issei Suzuki
>Organization: A Site under T-CNET
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
>Description:

For security reasons, a user must belong to the wheel group when he wants to su to root. But even if his login group is wheel (I mean getgid() == 0), he cannot su to root without his name in the wheel group entry in /etc/group.

If you want to keep the current specification for some reason, you should explicitly refer to it in su(1).

>How-To-Repeat:

Add a user with his login group being wheel and without his entry in the wheel group in /etc/group. Log in as him and execute the su command.

% su
su: you are not in the correct group to su root.

>Fix:

Apply the following patch:

--- su.orig/su.c Sun Jun 14 08:20:49 1998 +++ su/su.c Sun Jun 14 08:19:54 1998 @@ -255,7 +255,7 @@ #endif { /* only allow those in group zero to su to root. */ - if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) && + if ((pwd->pw_uid == 0 && getgid()) && (gr = getgrgid((gid_t)0)) && gr->gr_mem && *(gr->gr_mem)) for (g = gr->gr_mem;; ++g) { if (!*g)

>Audit-Trail:
>Unformatted:
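
Review bot: On the changed "if" line, getgid() tests the real group ID the calling process inherited, not the login group recorded for the invoking user in the password database, so the wheel membership loop is skipped for any process whose real GID is 0, however it came to have that GID. If the intent is "login group is wheel", look up the invoking user's passwd entry and compare its pw_gid against 0 instead. Either way, write the test as "getgid() != 0" rather than relying on truthiness, so the bypass condition is obvious to the next reader of an access-control check. The patch touches only su.c; since the report itself asks for the rule to be stated in su(1), the man page should be updated in the same change to say that a login group of wheel is accepted.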