Date: Sun, 14 Jun 1998 08:51:54 +0900 (JST)
From: issei@mikage.t-cnet.or.jp
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/6941: su doesn't see user's login group.
Message-ID: <199806132351.IAA20433@ordin.mikage.t-cnet.or.jp>
>Number: 6941
>Category: bin
>Synopsis: User cannot su to root even if his login group is wheel.
>Confidential: yes
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 13 17:00:00 PDT 1998
>Last-Modified:
>Originator: Issei Suzuki
>Organization: A Site under T-CNET
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
>Description:
For security reasons, a user must belong to the wheel group when he wants to su root. But even if his login group is wheel (I mean getgid() == 0), he cannot su to root without his name in the wheel group entry in /etc/group.

If you want to keep the current specification for some reason, you should explicitly refer to it in su(1).
>How-To-Repeat:
Add a user with his login group being wheel and without his entry in the wheel group in /etc/group. Log in as him and execute the su command.

% su
su: you are not in the correct group to su root.
>Fix:
Apply the following patch:

--- su.orig/su.c Sun Jun 14 08:20:49 1998 +++ su/su.c Sun Jun 14 08:19:54 1998 @@ -255,7 +255,7 @@ #endif { /* only allow those in group zero to su to root. */ - if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) && + if ((pwd->pw_uid == 0 && getgid()) && (gr = getgrgid((gid_t)0)) && gr->gr_mem && *(gr->gr_mem)) for (g = gr->gr_mem;; ++g) { if (!*g)
>Audit-Trail:
>Unformatted:
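Review bot: on the changed `if` line, `getgid()` is used as a bare truth value, so the bypass for GID 0 is only implicit; writing `getgid() != (gid_t)0` would match the `(gid_t)0` already passed to `getgrgid()` and make the intent readable. The comment above it, "only allow those in group zero to su to root", does not say which notion of membership applies, and `getgid()` is the real GID of the calling process rather than a value looked up for the invoking user, so the comment and su(1) should state that a caller running with GID 0 is accepted without being listed in `gr->gr_mem`.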
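The difference between the member-list check and the login-group check described in this report, as an added example that is not part of the original message or of FreeBSD's su.c. The function names `may_su_original` and `may_su_patched` and the users bob, carol and alice are hypothetical, and the group data is constructed.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Model of the unpatched rule in the hunk: the restriction applies only
 * when group 0 has a non-empty member list, and then the user must be
 * named in it. The user's primary GID is never consulted. */
int may_su_original(const struct group *gr, const char *user)
{
    char **g;

    if (gr == NULL || gr->gr_mem == NULL || *gr->gr_mem == NULL)
        return 1;               /* no member list to enforce */
    for (g = gr->gr_mem; *g != NULL; ++g)
        if (strcmp(user, *g) == 0)
            return 1;           /* listed in group 0 */
    return 0;                   /* "not in the correct group" */
}

/* Model of the patched rule: a caller whose real GID is 0 skips the
 * member-list check entirely. */
int may_su_patched(const struct group *gr, const char *user, gid_t real_gid)
{
    if (real_gid == (gid_t)0)
        return 1;
    return may_su_original(gr, user);
}

/* Constructed sample data, not read from any real /etc/group. */
static char n_wheel[] = "wheel", m_root[] = "root", m_alice[] = "alice";
static char *wheel_members[] = { m_root, m_alice, NULL };
static char *no_members[] = { NULL };
static struct group wheel = { .gr_name = n_wheel, .gr_gid = 0, .gr_mem = wheel_members };
static struct group empty_wheel = { .gr_name = n_wheel, .gr_gid = 0, .gr_mem = no_members };

int main(void)
{
    /* bob: primary GID 0, unlisted. carol: primary GID 100, unlisted. */
    printf("bob   original=%d patched=%d\n",
           may_su_original(&wheel, "bob"), may_su_patched(&wheel, "bob", 0));
    printf("carol original=%d patched=%d\n",
           may_su_original(&wheel, "carol"), may_su_patched(&wheel, "carol", 100));
    printf("alice original=%d patched=%d\n",
           may_su_original(&wheel, "alice"), may_su_patched(&wheel, "alice", 100));
    return 0;
}
```

The `empty_wheel` case shows the other edge of the same rule: with no members listed for group 0, neither version restricts anyone.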