From owner-freebsd-bugs  Thu Jan 14 12:50:37 1999
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA05605
          for freebsd-bugs-outgoing; Thu, 14 Jan 1999 12:50:37 -0800 (PST)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA05591
          for <freebsd-bugs@FreeBSD.org>; Thu, 14 Jan 1999 12:50:36 -0800 (PST)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id MAA14914;
	Thu, 14 Jan 1999 12:50:00 -0800 (PST)
Received: from mailhost.stack.nl (terra.stack.nl [131.155.140.128])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA05090
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 14 Jan 1999 12:45:47 -0800 (PST)
          (envelope-from xaa@stack.nl)
Received: from toad.stack.nl (toad.stack.nl [131.155.140.135])
	by mailhost.stack.nl (Postfix) with ESMTP
	id CE3C82F61; Thu, 14 Jan 1999 21:44:32 +0100 (MET)
Received: by toad.stack.nl (Postfix, from userid 239)
	id 9A3BC965E; Thu, 14 Jan 1999 21:44:34 +0100 (CET)
Message-Id: <19990114204434.9A3BC965E@toad.stack.nl>
Date: Thu, 14 Jan 1999 21:44:34 +0100 (CET)
From: xaa@xaa.iae.nl
Reply-To: xaa@xaa.iae.nl
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/9495: su doesn't check login.conf's shell and its validity
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         9495
>Category:       bin
>Synopsis:       su doesn't look at login.cnf all the time
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 14 12:50:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Mark Huizer
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
MCGV Stack
>Environment:

	2.2.7 (and current as well)

>Description:

	if a user is given an illegal shell in /etc/login.conf (e.g. for
	a login class called 'lockout'), su will happily su to that
	user. This should not be allowed if a mortal user su's to
	another mortal user.

>How-To-Repeat:

	create loginclass with e.g. /bin/false as shell, su to that
	user, yeah... 

>Fix:
	see Q&D patch to su.c:

355a356,360
> #ifdef LOGIN_CAP
> 		if (!chshell(login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell)) && ruid)
> 			errx(1, "permission denied (shell).");
> 		else
> #endif
366a372
> 

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message