From owner-freebsd-audit  Wed May 22 21:59:12 2002
Delivered-To: freebsd-audit@freebsd.org
Received: from treetop.robbins.dropbear.id.au (199.b.004.mel.iprimus.net.au [210.50.37.199])
	by hub.freebsd.org (Postfix) with ESMTP id 16F0637B416
	for <freebsd-audit@FreeBSD.ORG>; Wed, 22 May 2002 21:59:07 -0700 (PDT)
Received: from treetop.robbins.dropbear.id.au (localhost [127.0.0.1])
	by treetop.robbins.dropbear.id.au (8.12.2/8.12.2) with ESMTP id g4N4r6YG053653
	for <freebsd-audit@FreeBSD.ORG>; Thu, 23 May 2002 14:53:06 +1000 (EST)
	(envelope-from tim@treetop.robbins.dropbear.id.au)
Received: (from tim@localhost)
	by treetop.robbins.dropbear.id.au (8.12.2/8.12.2/Submit) id g4N4r5Va053652
	for freebsd-audit@FreeBSD.ORG; Thu, 23 May 2002 14:53:05 +1000 (EST)
Date: Thu, 23 May 2002 14:53:05 +1000
From: "Tim J. Robbins" <tjr@FreeBSD.ORG>
To: freebsd-audit@FreeBSD.ORG
Subject: newgrp implementation for review
Message-ID: <20020523145305.A53637@treetop.robbins.dropbear.id.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

I'd appreciate it if people could review my implementation of newgrp(1),
which runs suid root, for possible security flaws:
	http://people.freebsd.org/~tjr/newgrp.shar

It will only get installed suid root if ENABLE_NEWGRP=true is specified in
/etc/make.conf because most people won't need it. newgrp is required by
POSIX.2 Amd. 1 (User Portability Extension).

Thanks,

Tim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message