From: "Kherry Zamore"
To: freebsd-security@freebsd.org
Subject: su change?
Date: Tue, 3 Apr 2001 13:28:23 -0400

Just recently my friend locked himself out of his machine by changing root's shell to a nonexistent file. The only way he could become root again was by rebooting the machine into single-user mode and changing it from there. Now, while I know that it's foolish to change root's shell in the first place, I don't think this is an acceptable punishment for those that do. According to su.c, if the user you are changing to does not have a valid shell, su complains and exits. A valid thing to do in today's security-conscious society. Now, let's say you want to become root to fix this invalid shell problem... su's nature is to complain and exit.
The fix is rather simple. Somewhere around line 310 in su.c is:

    if (!chshell(pwd->pw_shell) && ruid)
        errx(1, "permission denied (shell).");

The only thing we need to prepend to this is a check to see if we are trying to su to root, which we should allow regardless of the shell specified:

    if (pwd->pw_uid)
        if (!chshell(pwd->pw_shell) && ruid)
            errx(1, "permission denied (shell).");

Patches are available here (tested on 4.1): http://www.dknj.org/sourcecode/patches/su/

-= Kherry Zamore -=- (757) 683-7386 =-
-= Resident Computer & Network Geek/God =-
-= http://www.dknj.org =-
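The decision logic of the quoted check and of the proposed change, side by side, as an added example (this is not su.c and not the poster's patch): the /etc/shells lookup that su.c's chshell() performs is modelled over a constructed in-memory list so the code runs offline, and the two policy functions return 1 where su would proceed and 0 where it would print "permission denied (shell)." and exit.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for /etc/shells (su.c reads the real file). */
static const char *const valid_shells[] = {
    "/bin/sh", "/bin/csh", "/bin/tcsh", "/usr/local/bin/bash", NULL
};

/* Modelled chshell(): 1 if the shell is one of the listed shells. */
int chshell(const char *shell)
{
    for (size_t i = 0; valid_shells[i] != NULL; i++)
        if (strcmp(shell, valid_shells[i]) == 0)
            return 1;
    return 0;
}

/* Check as quoted from su.c: a non-root caller (ruid != 0) may only
 * switch to a target whose shell is listed; root is never refused. */
int su_allowed_original(uid_t target_uid, const char *target_shell, uid_t ruid)
{
    (void)target_uid;                      /* target identity is not consulted */
    if (!chshell(target_shell) && ruid)
        return 0;                          /* errx(1, "permission denied (shell).") */
    return 1;
}

/* Proposed change: the same rule, skipped entirely when the target is
 * root (pw_uid == 0). Non-root targets with unlisted shells stay refused. */
int su_allowed_patched(uid_t target_uid, const char *target_shell, uid_t ruid)
{
    if (target_uid)
        if (!chshell(target_shell) && ruid)
            return 0;
    return 1;
}

int main(void)
{
    /* The lockout scenario from the message: root's shell points at a
     * file that does not exist, and an ordinary user (uid 1000) runs su. */
    const char *bogus = "/nonexistent/shell";
    printf("su to root, bogus shell, caller uid 1000: original=%d patched=%d\n",
           su_allowed_original(0, bogus, 1000), su_allowed_patched(0, bogus, 1000));
    printf("su to uid 1001, bogus shell, caller uid 1000: original=%d patched=%d\n",
           su_allowed_original(1001, bogus, 1000), su_allowed_patched(1001, bogus, 1000));
    printf("su to uid 1001, /bin/sh, caller uid 1000: original=%d patched=%d\n",
           su_allowed_original(1001, "/bin/sh", 1000), su_allowed_patched(1001, "/bin/sh", 1000));
    return 0;
}
```

The only input the patched policy treats differently is a target of uid 0, so the exemption does not widen what a non-root caller can reach for any other account.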