Date:      Wed, 15 Jan 2003 12:40:03 -0800 (PST)
From:      Sean Chittenden <seanc@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/47119: Unable to su to root after root run's a command that runs as a different user
Message-ID:  <200301152040.h0FKe3Rg014772@freefall.freebsd.org>


>Number:         47119
>Category:       kern
>Synopsis:       Unable to su to root after root run's a command that runs as a different user
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 15 12:50:02 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Sean Chittenden
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD dsl093-135-251.sfo2.dsl.speakeasy.net 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Jan 12 12:32:11 PST 2003 root@dsl093-135-251.sfo2.dsl.speakeasy.net:/usr/obj/usr/src/sys/DELLAPTOP i386

>Description:
	Run the following program.  Once it has run and root exits, a member of
	the wheel group won't be able to su to root again.
>How-To-Repeat:
$ gcc -o su_test su_test.c
$ su
# ./su_test
running as user 80 now
# exit
$ su
su: Sorry

/* BEGIN su_test.c */
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>

int main(void) {
  struct passwd* pwd;
  uid_t uid;
  gid_t gid;
  char *user = "www";

  /* Look up the account to switch to. */
  pwd = getpwnam(user);
  if (pwd == NULL) {
    fprintf(stderr, "getpwnam: no such user %s\n", user);
    exit(1);
  }
  uid = pwd->pw_uid;
  gid = pwd->pw_gid;

  if (chdir(pwd->pw_dir) < 0) {
    perror( "chdir" );
    exit(1);
  }

  /* Return value is not checked. */
  setsid();

  if (chroot("/") < 0) {
    perror( "chroot" );
    exit(1);
  }

  if (chdir("/") < 0) {
    perror("chroot chdir");
    exit(1);
  }

  /* Drop all supplementary groups. */
  if (setgroups(0, (const gid_t*) 0) < 0) {
    perror("setgroups");
    exit(1);
  }

  if (setgid(gid) < 0) {
    perror("setgid");
    exit(1);
  }

  /* Set the login name to the target user; return value is not checked. */
  setlogin(user);

  if (setuid(uid) < 0) {
    perror("setuid");
    exit(1);
  }

  /* Report the uid the process is now running as. */
  uid = getuid();
  printf("running as user %d now\n", (int) uid);

  exit(0);
}
/* END su_test.c */

>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:
