Date: Wed, 15 Jan 2003 12:40:03 -0800 (PST)
From: Sean Chittenden <seanc@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/47119: Unable to su to root after root runs a command that runs as a different user
Message-ID: <200301152040.h0FKe3Rg014772@freefall.freebsd.org>

>Number:         47119
>Category:       kern
>Synopsis:       Unable to su to root after root runs a command that runs as a different user
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 15 12:50:02 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Sean Chittenden
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD dsl093-135-251.sfo2.dsl.speakeasy.net 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Jan 12 12:32:11 PST 2003 root@dsl093-135-251.sfo2.dsl.speakeasy.net:/usr/obj/usr/src/sys/DELLAPTOP i386

>Description:
Run the following program. Once it has run and root exits, a member of the
wheel group won't be able to su to root again.

>How-To-Repeat:
$ gcc -o su_test su_test.c
$ su
# ./su_test
running as user 80 now
# exit
$ su
su: Sorry

/* BEGIN su_test.c */
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <pwd.h>

int
main(void)
{
	struct passwd *pwd;
	uid_t uid;
	gid_t gid;
	char *user = "www";

	/* Look up the unprivileged account to switch to. */
	pwd = getpwnam(user);
	if (pwd == NULL) {
		fprintf(stderr, "getpwnam: no such user %s\n", user);
		exit(1);
	}
	uid = pwd->pw_uid;
	gid = pwd->pw_gid;

	if (chdir(pwd->pw_dir) < 0) {
		perror("chdir");
		exit(1);
	}

	/* Return value is not checked, as in the original report. */
	setsid();

	if (chroot("/") < 0) {
		perror("chroot");
		exit(1);
	}
	if (chdir("/") < 0) {
		perror("chroot chdir");
		exit(1);
	}

	/* Drop supplementary groups, then the group id. */
	if (setgroups(0, (const gid_t *)0) < 0) {
		perror("setgroups");
		exit(1);
	}
	if (setgid(gid) < 0) {
		perror("setgid");
		exit(1);
	}

	/* Set the login name, then drop the user id. */
	setlogin(user);
	if (setuid(uid) < 0) {
		perror("setuid");
		exit(1);
	}

	uid = getuid();
	printf("running as user %d now\n", uid);
	exit(0);
}
/* END su_test.c */

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
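
Added example, not part of the original report or of FreeBSD's code: the reproducer calls setsid() without checking the result, and setsid(2) fails with EPERM when the caller is a process group leader, which is how a job-control shell starts each command. setlogin(2) sets the login name of the caller's session, so a privilege-dropping program should confirm it leads a session of its own before calling it; the helper names below are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: make the caller the leader of its own session.
 * Returns 0 on success, otherwise the errno from setsid(). Only after a
 * 0 return is it safe to call setlogin(), because only then does the
 * login name change stay out of the invoking shell's session. */
static int enter_own_session(void)
{
    if (getsid(0) == getpid())
        return 0;                  /* already a session leader */
    if (setsid() == (pid_t)-1)
        return errno;              /* EPERM: caller is a process group leader */
    return 0;
}

/* Run enter_own_session() in a forked child and return its result.
 * as_group_leader makes the child a process group leader first, the
 * state a command is in when an interactive shell launches it.
 * Returns -1 if the child could not be started or observed. */
int try_in_child(int as_group_leader)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (as_group_leader && setpgid(0, 0) < 0)
            _exit(255);
        _exit(enter_own_session());
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("plain child:        %d\n", try_in_child(0));
    printf("group-leader child: %d (EPERM is %d)\n", try_in_child(1), EPERM);
    return 0;
}
```

A program that must run directly from a shell can fork first and do the setsid(), setlogin() and setuid() sequence in the child, treating a non-zero return from the helper as fatal.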