From owner-freebsd-qa Thu Mar 22 7:41:45 2001 Delivered-To: freebsd-qa@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 9835E37B720; Thu, 22 Mar 2001 07:41:36 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id f2MFfYh10630; Thu, 22 Mar 2001 10:41:34 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Thu, 22 Mar 2001 10:41:34 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Larry Librettez Cc: freebsd-qa@freebsd.org, freebsd-questions@freebsd.org Subject: Re: 4.3-BETA won't su to root in X terminal In-Reply-To: <20010322060905.3135.qmail@web13202.mail.yahoo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-qa@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 21 Mar 2001, Larry Librettez wrote: > After upgrading to 4.3-BETA, I find I cannot su to root in a terminal > window (rxvt, xterm) in X (XFree86-3.3.6 with either GNOME or KDE).=20 > Even if I enter the correct password, the su login gets rejected (and > yes, user is member of wheel group). The logs report `BAD SU LIPSHITZ to > root on ttyp0`. However, in a plain terminal (not in X), I CAN su to > root as a regular user. Prior to upgrading to 4.3-BETA (kernel + > userland), I was able to su to root in X in 4.2-STABLE. I tried adding > `secure=B4 after the ttyp entries in /etc/ttys but that didn=B4t help. I = did > both mergemaster and MAKEDEV all during my rebuild. I specifically > re-made the ttyp* devices. I even typed out the su password on the > terminal to make sure it shows correctly and it does. On a separate box > using 4.2-STABLE I upgraded only the kernel to 4.3-BETA (same 4.2-STABLE > userland), and the problem still occurred - couldn=B4t su to root in an X > terminal. >=20 > Is the problem in the kernel? A bug? A DoS? I cvsup=B4d 5 times and > rebuilded 5 times (I am now up to 4.3-RC) with no change in this > problem.=20 Hmm. I was unable to reproduce this on a fresh 4.3-RC install from yesterday. One thing we did notice is that the standard install set was improperly installing Kerberos support, and it may be that something was going on relating to that. Can we pursuade you to update to the next snapshot and see if the problem goes away? This sounds like a pretty puzzling bug. There are a few other things you might try, including starting X as the root user, and seeing if (a) you can su to other users properly, and (b) if you su to another user, whether you can su back to root properly. Also, run "id" as the normal user and verify that your groups are being properly picked up when xterm starts. Try removing the setuid bit from xterm if not, and see if that helps. Also, what version of 2.2 did you upgrade from? If it's still on the snapshot server, I could try installing that, then doing the upgrade, and see if I get the same problem.=20 Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message