Date:      Fri, 31 Aug 2001 10:53:07 +0100
From:      Tony McCrory <tony@mgn.co.uk>
To:        Glen Hollings <GHollings@admin.gil.com.au>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Broken SU
Message-ID:  <Pine.BSF.4.21.0108311052200.28410-100000@vodka.tmg-ireland>
In-Reply-To: <B9C04FEB4B4EA74696488AE05045588728D27C@postal.admin.gil.com.au>


Are you in the wheel group? (FreeBSD's su only lets members of group wheel become root when that group has members listed.)


Tony

On Fri, 31 Aug 2001, Glen Hollings wrote:

>
> Has anyone ever experienced a broken SU command?
>
> I can't seem to SU to root when logged in as any 'normal' user....
>
> eg
>
> normuser@bsdbox normuser]$su -m
> Password:
>
> (stalls after this)
>
>
> Or if I put in the wrong password
>
> normuser@bsdbox normuser]$su -m
> Password:
> Sorry
>
> (stalls after this)
>
>
> it does this...
>
> putting sshd into debug mode doesn't seem to reveal anything of use..
>
>
>
> Here is an strace output of an attempted su:
>
> $strace su
> execve("/usr/bin/su", ["su"], [/* 20 vars */]) = 0
> __sysctl([hw.pagesize], 2, "\0\20\0\0", [4], NULL, 0) = 0
> mmap(0, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) =
> 0x4005e000
> geteuid(0xbfbffc1c)                     = 0
> getuid()                                = 1002 (euid 0)
> open("/var/run/ld-elf.so.hints", O_RDONLY) = 3
> read(3, "Ehnt\1\0\0\0\200\0\0\0(\0\0\0\0\0\0\0\'\0\0\0\0\0\0\0\0"...,
128) =
> 128
> lseek(3, 128, SEEK_SET)                 = 128
> read(3, "/usr/lib:/usr/lib/compat:/usr/lo"..., 40) = 40
> close(3)                                = 0
> access("/usr/lib/libutil.so.3", F_OK)   = 0
> open("/usr/lib/libutil.so.3", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=32848, ...}) = 0
> read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0h#\0\000"...,
4096) =
> 4096
> mmap(0, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40066000
> mmap(0x4006e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x7000) = 0x4006e000
> close(3)                                = 0
> access("/usr/lib/libskey.so.2", F_OK)   = 0
> open("/usr/lib/libskey.so.2", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=24252, ...}) = 0
> read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\23\0"...,
4096) =
> 4096
> mmap(0, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006f000
> mmap(0x40073000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x3000) = 0x40073000
> close(3)                                = 0
> access("/usr/lib/libmd.so.2", F_OK)     = 0
> open("/usr/lib/libmd.so.2", O_RDONLY)   = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=34272, ...}) = 0
> read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\000"...,
4096)
> = 4096
> mmap(0, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40076000
> mmap(0x4007e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x7000) = 0x4007e000
> close(3)                                = 0
> access("/usr/lib/libcrypt.so.2", F_OK)  = 0
> open("/usr/lib/libcrypt.so.2", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=28588, ...}) = 0
> read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\16"...,
4096) =
> 4096
> mmap(0, 102400, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4007f000
> mmap(0x40086000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x6000) = 0x40086000
> mmap(0x40087000, 69632, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANON,
> -1, 0) = 0x40087000
> close(3)                                = 0
> access("/usr/lib/libc.so.4", F_OK)      = 0
> open("/usr/lib/libc.so.4", O_RDONLY)    = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=572588, ...}) = 0
> read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\314-\1"...,
4096) =
> 4096
> mmap(0, 622592, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40098000
> mmap(0x40118000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x7f000) = 0x40118000
> mmap(0x4011c000, 81920, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANON,
> -1, 0) = 0x4011c000
> close(3)                                = 0
> access("/usr/lib/libcrypt.so.2", F_OK)  = 0
> access("/usr/lib/libmd.so.2", F_OK)     = 0
> sigaction(SIGILL, {0x4004f0fc, [], 0}, {SIG_DFL}) = 0
> sigprocmask(SIG_BLOCK, NULL, [])        = 0
> sigaction(SIGILL, {SIG_DFL}, NULL)      = 0
> sigprocmask(SIG_BLOCK, ~[ILL TRAP ABRT EMT FPE BUS SEGV SYS], []) = 0
> sigprocmask(SIG_SETMASK, [], NULL)      = 0
> readlink("/etc/malloc.conf", 0xbfbff6f4, 63) = -1 ENOENT (No such file or
> directory)
> mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) =
0x40130000
> break(0x804d000)                        = 0
> getpriority(PRIO_PROCESS, 0)            = 0
> setpriority(PRIO_PROCESS, 0, -2)        = 0
> getuid()                                = 1002 (euid 0)
> getlogin(0x401203f8, 0x11)              = 0
> geteuid(0x4011b304)                     = 0
> break(0x804e000)                        = 0
> stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=40960, ...}) = 0
> open("/etc/spwd.db", O_RDONLY)          = 3
> fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
> read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"...,
260) =
> 260
> break(0x804f000)                        = 0
> break(0x8050000)                        = 0
> break(0x8051000)                        = 0
> lseek(3, 28672, SEEK_SET)               = 28672
> read(3, "\30\0\373\17\302\17\275\17r\17l\17$\17\37\17\344\16\337"...,
4096) =
> 4096
> break(0x8052000)                        = 0
> close(3)                                = 0
> geteuid(0x4011b304)                     = 0
> stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=40960, ...}) = 0
> open("/etc/spwd.db", O_RDONLY)          = 3
> fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
> read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"...,
260) =
> 260
> break(0x8053000)                        = 0
> lseek(3, 24576, SEEK_SET)               = 24576
> read(3, "\26\0\373\17\301\17\272\17i\17d\17\23\17\n\17\321\16\314"...,
4096)
> = 4096
> close(3)                                = 0
> geteuid(0x4006e3bc)                     = 0
> getegid(0x4006e3bc)                     = 1002
> setegid(0Password:
>
>
>
> anyone have any ideas?? please!
>
> Thanks
>
> **********************************************
> *Glen Hollings              | There Cant Be  *
> *Network Administrator      | a Crisis Today,*
> *Global Info Links          | my schedule is *
> *ghollings@admin.gil.com.au | already full.  *
> **********************************************
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>


IMPORTANT NOTICE  The information in this e-mail is confidential and should
only be read by those persons to whom it is addressed and is not intended
to be relied upon by any person without subsequent written confirmation of
its contents.  Furthermore, the content of this e-mail is the personal view
of the sender and does not represent the advice, views or opinion of our
company.  Accordingly, our company disclaim all responsibility and accept
no liability (including in negligence) for the consequences of any person
acting, or refraining from acting, on such information prior to the receipt
by those persons of subsequent written confirmation.  In particular (but
not by way of limitation) our company disclaims all responsibility and
accepts no liability for any e-mails which are defamatory, offensive,
racist or in any other way are in breach of any third party's rights,
including breach of confidence, privacy or other rights.  If you have
received this e-mail message in error, please notify me immediately by
telephone.  Please also destroy and delete the message from your computer.
Any form of reproduction, dissemination, copying, disclosure, modification,
distribution and/or publication of this e-mail message is strictly
prohibited.  Trinity Mirror plc is the holding company for the Trinity
Mirror group of companies and is registered in England No. 82548, with its
address at Kingsfield Court, Chester Business Park, Chester CH4 9RE.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message



