Date:      Tue, 31 Jul 2001 04:36:07 -0700 (PDT)
From:      Joshua Goodall <joshua@roughtrade.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/29349: pam_wheel does not check primary group id
Message-ID:  <200107311136.f6VBa7g25013@freefall.freebsd.org>

>Number:         29349
>Category:       bin
>Synopsis:       pam_wheel does not check primary group id
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 31 04:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Joshua Goodall
>Release:        -CURRENT
>Organization:
>Environment:
-CURRENT as of May 26 09:52:36 2001
>Description:
pam_wheel, and therefore su(1), does not allow a user who is a member of group 0 (in /etc/passwd) to 'su root' unless they are also explicitly listed in /etc/group.

From 'man group':
	A user is automatically in a group if that group was specified
	in their /etc/passwd entry and does not need to be added to
	that group in the /etc/group file.

>How-To-Repeat:
Add a user to group 0, but don't add them to /etc/group.
Try to 'su root'.

>Fix:
Doesn't this sound very like PR bin/6696?

Add appropriate gid check? Maybe something like the following diff (builds, not tested).

Index: pam_wheel.c
===================================================================
RCS file: /data/joshua/bsd/src/lib/libpam/modules/pam_wheel/pam_wheel.c,v
retrieving revision 1.2
diff -u -r1.2 pam_wheel.c
--- pam_wheel.c	2001/07/14 08:42:39	1.2
+++ pam_wheel.c	2001/07/31 11:21:11
@@ -122,7 +122,7 @@

	PAM_LOG("Got group: %s", grp->gr_name);

-	if (in_list(grp->gr_mem, fromsu)) {
+	if (pwd->pw_gid == grp->gr_gid || in_list(grp->gr_mem, fromsu)) {
		if (pam_test_option(&options, PAM_OPT_DENY, NULL))
			PAM_RETURN(PAM_PERM_DENIED);
		if (pam_test_option(&options, PAM_OPT_TRUST, NULL))
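
Review bot: the new `pwd->pw_gid == grp->gr_gid` test in the changed `if` is only correct when `pwd` is the passwd entry of the same user that `fromsu` names, and the hunk does not show where `pwd` is assigned. If `pwd` describes the target account instead, the comparison succeeds for every caller whenever the target's primary gid equals the checked group's gid, and the membership restriction no longer restricts anything. Please confirm which lookup `pwd` comes from (or look up `fromsu` explicitly for this check), and add a comment stating that primary-group members are accepted in addition to those listed in `gr_mem`. Note also that the widened condition feeds both the PAM_OPT_DENY and PAM_OPT_TRUST branches that follow, so users matched only by primary gid are now denied or trusted under those options; that change in behaviour should be documented. Since the submission says the diff builds but is not tested, it should be exercised with a user whose only link to the group is the gid in /etc/passwd before it is committed.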

>Release-Note:
>Audit-Trail:
>Unformatted:
