From owner-freebsd-isp Wed Sep 19 10:17: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgnmail3.mgn.co.uk (mgn1.mgn.co.uk [195.92.144.201]) by hub.freebsd.org (Postfix) with ESMTP id E6EE337B413 for ; Wed, 19 Sep 2001 10:16:54 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by vodka.tmg-ireland (8.11.5/8.11.5) with ESMTP id f7V9r8g28876; Fri, 31 Aug 2001 10:53:08 +0100 (BST) (envelope-from tony@mgn.co.uk) Date: Fri, 31 Aug 2001 10:53:07 +0100 From: Tony McCrory To: Glen Hollings Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Broken SU In-Reply-To: Message-ID: MIME-Version: 1.0 X-MIMETrack: Itemize by SMTP Server on BELFASTN1/MG_CW(Release 5.07a |May 14, 2001) at 31/08/2001 15:01:23, MIME-CD by Notes Server on LNPRODUCTION1CW/MG_CW(Release 5.0.8 |June 18, 2001) at 19/09/2001 18:15:23, MIME-CD complete at 19/09/2001 18:15:23, Serialize by Router on LNPRODUCTION1CW/MG_CW(Release 5.0.8 |June 18, 2001) at 19/09/2001 18:16:40 Content-type: text/plain; charset=us-ascii Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Are you in the wheel goup? Tony On Fri, 31 Aug 2001, Glen Hollings wrote: > > Has anyone ever experenced a broken SU command? > > I cant seem to SU to root when logged in as any 'normal' user.... > > eg > > normuser@bsdbox normuser]$su -m > Password: > > (stalls after this) > > > Or if I put in the wrong password > > normuser@bsdbox normuser]$su -m > Password: > Sorry > > (stalls after this) > > > it does this... > > putting sshd into debug mode doesnt seem to reveal anything of use.. > > > > Here is an strace output of an attempted su: > > $strace su > execve("/usr/bin/su", ["su"], [/* 20 vars */]) = 0 > __sysctl([hw.pagesize], 2, "\0\20\0\0", [4], NULL, 0) = 0 > mmap(0, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = > 0x4005e000 > geteuid(0xbfbffc1c) = 0 > getuid() = 1002 (euid 0) > open("/var/run/ld-elf.so.hints", O_RDONLY) = 3 > read(3, "Ehnt\1\0\0\0\200\0\0\0(\0\0\0\0\0\0\0\'\0\0\0\0\0\0\0\0"..., 128) = > 128 > lseek(3, 128, SEEK_SET) = 128 > read(3, "/usr/lib:/usr/lib/compat:/usr/lo"..., 40) = 40 > close(3) = 0 > access("/usr/lib/libutil.so.3", F_OK) = 0 > open("/usr/lib/libutil.so.3", O_RDONLY) = 3 > fstat(3, {st_mode=S_IFREG|0444, st_size=32848, ...}) = 0 > read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0h#\0\000"..., 4096) = > 4096 > mmap(0, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40066000 > mmap(0x4006e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, > 0x7000) = 0x4006e000 > close(3) = 0 > access("/usr/lib/libskey.so.2", F_OK) = 0 > open("/usr/lib/libskey.so.2", O_RDONLY) = 3 > fstat(3, {st_mode=S_IFREG|0444, st_size=24252, ...}) = 0 > read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\23\0"..., 4096) = > 4096 > mmap(0, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006f000 > mmap(0x40073000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, > 0x3000) = 0x40073000 > close(3) = 0 > access("/usr/lib/libmd.so.2", F_OK) = 0 > open("/usr/lib/libmd.so.2", O_RDONLY) = 3 > fstat(3, {st_mode=S_IFREG|0444, st_size=34272, ...}) = 0 > read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\000"..., 4096) > = 4096 > mmap(0, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40076000 > mmap(0x4007e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, > 0x7000) = 0x4007e000 > close(3) = 0 > access("/usr/lib/libcrypt.so.2", F_OK) = 0 > open("/usr/lib/libcrypt.so.2", O_RDONLY) = 3 > fstat(3, {st_mode=S_IFREG|0444, st_size=28588, ...}) = 0 > read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\16"..., 4096) = > 4096 > mmap(0, 102400, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4007f000 > mmap(0x40086000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, > 0x6000) = 0x40086000 > mmap(0x40087000, 69632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON, > -1, 0) = 0x40087000 > close(3) = 0 > access("/usr/lib/libc.so.4", F_OK) = 0 > open("/usr/lib/libc.so.4", O_RDONLY) = 3 > fstat(3, {st_mode=S_IFREG|0444, st_size=572588, ...}) = 0 > read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\314-\1"..., 4096) = > 4096 > mmap(0, 622592, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40098000 > mmap(0x40118000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, > 0x7f000) = 0x40118000 > mmap(0x4011c000, 81920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON, > -1, 0) = 0x4011c000 > close(3) = 0 > access("/usr/lib/libcrypt.so.2", F_OK) = 0 > access("/usr/lib/libmd.so.2", F_OK) = 0 > sigaction(SIGILL, {0x4004f0fc, [], 0}, {SIG_DFL}) = 0 > sigprocmask(SIG_BLOCK, NULL, []) = 0 > sigaction(SIGILL, {SIG_DFL}, NULL) = 0 > sigprocmask(SIG_BLOCK, ~[ILL TRAP ABRT EMT FPE BUS SEGV SYS], []) = 0 > sigprocmask(SIG_SETMASK, [], NULL) = 0 > readlink("/etc/malloc.conf", 0xbfbff6f4, 63) = -1 ENOENT (No such file or > directory) > mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0x40130000 > break(0x804d000) = 0 > getpriority(PRIO_PROCESS, 0) = 0 > setpriority(PRIO_PROCESS, 0, -2) = 0 > getuid() = 1002 (euid 0) > getlogin(0x401203f8, 0x11) = 0 > geteuid(0x4011b304) = 0 > break(0x804e000) = 0 > stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=40960, ...}) = 0 > open("/etc/spwd.db", O_RDONLY) = 3 > fcntl(3, F_SETFD, FD_CLOEXEC) = 0 > read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 260) = > 260 > break(0x804f000) = 0 > break(0x8050000) = 0 > break(0x8051000) = 0 > lseek(3, 28672, SEEK_SET) = 28672 > read(3, "\30\0\373\17\302\17\275\17r\17l\17$\17\37\17\344\16\337"..., 4096) = > 4096 > break(0x8052000) = 0 > close(3) = 0 > geteuid(0x4011b304) = 0 > stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=40960, ...}) = 0 > open("/etc/spwd.db", O_RDONLY) = 3 > fcntl(3, F_SETFD, FD_CLOEXEC) = 0 > read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 260) = > 260 > break(0x8053000) = 0 > lseek(3, 24576, SEEK_SET) = 24576 > read(3, "\26\0\373\17\301\17\272\17i\17d\17\23\17\n\17\321\16\314"..., 4096) > = 4096 > close(3) = 0 > geteuid(0x4006e3bc) = 0 > getegid(0x4006e3bc) = 1002 > setegid(0Password: > > > > anyone have any ideas?? please! > > Thanks > > ********************************************** > *Glen Hollings | There Cant Be * > *Network Administrator | a Crisis Today,* > *Global Info Links | my schedule is * > *ghollings@admin.gil.com.au | already full. * > ********************************************** > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > IMPORTANT NOTICE The information in this e-mail is confidential and should only be read by those persons to whom it is addressed and is not intended to be relied upon by any person without subsequent written confirmation of its contents. Furthermore, the content of this e-mail is the personal view of the sender and does not represent the advice, views or opinion of our company. Accordingly, our company disclaim all responsibility and accept no liability (including in negligence) for the consequences of any person acting, or refraining from acting, on such information prior to the receipt by those persons of subsequent written confirmation. In particular (but not by way of limitation) our company disclaims all responsibility and accepts no liability for any e-mails which are defamatory, offensive, racist or in any other way are in breach of any third party's rights, including breach of confidence, privacy or other rights. If you have received this e-mail message in error, please notify me immediately by telephone. Please also destroy and delete the message from your computer. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited. Trinity Mirror plc is the holding company for the Trinity Mirror group of companies and is registered in England No. 82548, with its address at Kingsfield Court, Chester Business Park, Chester CH4 9RE. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message