Date: Tue, 18 Jan 2005 19:28:19 +1100
From: Peter Jeremy
To: Pawel Jakub Dawidek
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/usr.bin/su su.c
Message-ID: <20050118082819.GF79646@cirb503493.alcatel.com.au>
In-Reply-To: <20050117203938.GB795@darkness.comp.waw.pl>

On Mon, 2005-Jan-17 21:39:38 +0100, Pawel Jakub Dawidek wrote:
>On Mon, Jan 17, 2005 at 07:57:59PM +0000, Robert Watson wrote:
>+> If su(1) is run without an effective uid of 0, generate an error to
>+> the user indicating that su is not running setuid, which may help
>+> suggest to the user that it should be setuid, or should not be
>+> running from a file system mounted nosuid.
>
>Shouldn't this be done for every setuid utility? Why only su(1)?

su used to generate the message "Sorry" for all errors. Other utilities
will hopefully generate more meaningful error messages.

One option for the last point would be to include a check in do_execve()
that warns where the setuid/setgid bits are ignored because the filesystem
is mounted nosuid.

--
Peter Jeremy