Date: Sat, 4 May 2002 11:10:39 +0400 (MSD)
From: Gleb Smirnoff <glebius@cell.sick.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/37733: su(1) does not behave the way it is described in man
Message-ID: <200205040710.g447Aclt040270@cell.sick.ru>
>Number: 37733
>Category: bin
>Synopsis: su(1) does not behave the way it is described in man
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat May 04 00:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Gleb Smirnoff
>Release: FreeBSD 4.5-STABLE i386
>Organization: RiNet ISP
>Environment:
System: FreeBSD cell.sick.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Apr 30 19:19:30 MSD 2002 glebius@cell.sick.ru:/usr/obj/usr/src/sys/NUCLEUS i386

>Description:
As it is mentioned in the manpage su(1):

    Only users who are a member of group 0 (normally ``wheel'') can su to ``root''.
    If group 0 is missing or empty, any user can su to ``root''.

But if a user is not listed in group wheel and his primary group is 0, he is allowed to su root. As it is said in a comment in su.c, this is the desired behavior. This is quite different from the manpage.

>How-To-Repeat:
Set the user's primary group to 0, delete him from wheel in /etc/group. Try su.

>Fix:
The current su's behavior always gives the possibility to become root to all wheel members. I suppose it'll be better to make su work like it is described in man. Then one can have wheel rights (to read logs etc.), but cannot become root, if he has primary uid 0 and is not explicitly listed in /etc/group. Here is the fix:

--- su.c.orig Sat May 4 11:08:40 2002 +++ su.c Sat May 4 11:09:01 2002 @@ -254,9 +254,6 @@ gr->gr_mem && *(gr->gr_mem)) for (g = gr->gr_mem;; ++g) { if (!*g) { - if (gid == 0) - break; - else errx(1, "you are not in the correct group (%s) to su %s.", gr->gr_name,

>Release-Note:
>Audit-Trail:
>Unformatted:
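Review bot: In the `if (!*g)` branch, dropping the `if (gid == 0) break; else` guard makes the errx() unconditional once the member list is exhausted, but the comment in su.c that the report says documents the primary-gid-0 exception is not touched by this hunk, so it would be left describing behaviour the code no longer has; remove or rewrite that comment in the same patch. The change also tightens a privilege check: any account whose primary group is 0 and that is not named in the group's member list loses su to root, so it deserves an entry under the empty Release-Note field. If the exception is meant to stay, the alternative is to correct the su(1) text instead of the code.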
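An added example, not part of the original report or of su.c: a small C model of the two policies the report contrasts (su(1) as documented versus the behaviour reported for su.c), used to flag accounts that can su to root only through a primary gid of 0. The struct, the function names and the sample accounts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of an account: login name and primary gid. */
struct acct { const char *name; unsigned gid; };

/* Return 1 if name appears in the NULL-terminated member list of group 0. */
static int listed(const char *name, const char *const *mem) {
    for (; mem && *mem; ++mem)
        if (strcmp(name, *mem) == 0) return 1;
    return 0;
}

/* Policy as documented in su(1): a missing or empty member list lets
 * anyone su to root; otherwise the user must be listed. */
int su_root_documented(const struct acct *a, const char *const *mem) {
    if (!mem || !*mem) return 1;
    return listed(a->name, mem);
}

/* Policy as the report describes su.c: primary gid 0 also passes. */
int su_root_reported(const struct acct *a, const char *const *mem) {
    return su_root_documented(a, mem) || a->gid == 0;
}

/* Audit: collect accounts allowed only by the primary-gid-0 exception.
 * out must have room for n entries; returns how many were stored. */
int audit_gap(const struct acct *accts, int n,
              const char *const *mem, const char **out) {
    int k = 0;
    for (int i = 0; i < n; i++)
        if (su_root_reported(&accts[i], mem) &&
            !su_root_documented(&accts[i], mem))
            out[k++] = accts[i].name;
    return k;
}

/* Constructed sample data, standing in for /etc/passwd and /etc/group. */
static const struct acct sample_accts[] = {
    {"root", 0}, {"alice", 1001}, {"bob", 0}, {"carol", 1002} };
static const char *const sample_wheel[] = { "root", "alice", NULL };

int main(void) {
    const char *gap[4];
    int n = audit_gap(sample_accts, 4, sample_wheel, gap);
    for (int i = 0; i < n; i++)
        printf("%s: su to root allowed only via primary gid 0\n", gap[i]);
    return 0;
}
```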