From owner-freebsd-bugs Sat May 4 0:20:14 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8D59537B41E
	for ; Sat, 4 May 2002 00:20:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g447K1070738;
	Sat, 4 May 2002 00:20:01 -0700 (PDT)
	(envelope-from gnats)
Received: from cell.sick.ru (cell.sick.ru [195.91.162.238])
	by hub.freebsd.org (Postfix) with ESMTP id B549B37B41B
	for ; Sat, 4 May 2002 00:10:42 -0700 (PDT)
Received: from cell.sick.ru (localhost [127.0.0.1])
	by cell.sick.ru (8.12.3/8.12.3) with ESMTP id g447AdMF040271
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for ; Sat, 4 May 2002 11:10:40 +0400 (MSD)
	(envelope-from glebius@cell.sick.ru)
Received: (from glebius@localhost)
	by cell.sick.ru (8.12.3/8.12.3/Submit) id g447Aclt040270;
	Sat, 4 May 2002 11:10:39 +0400 (MSD)
Message-Id: <200205040710.g447Aclt040270@cell.sick.ru>
Date: Sat, 4 May 2002 11:10:39 +0400 (MSD)
From: Gleb Smirnoff
Reply-To: Gleb Smirnoff
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/37733: su(1) does not behave the way it is described in man
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number:         37733
>Category:       bin
>Synopsis:       su(1) does not behave the way it is described in man
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 04 00:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Gleb Smirnoff
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
RiNet ISP
>Environment:
System: FreeBSD cell.sick.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Apr 30 19:19:30 MSD 2002 glebius@cell.sick.ru:/usr/obj/usr/src/sys/NUCLEUS i386

>Description:
As it is mentioned in manpage su(1):

    Only users who are a member of group 0 (normally ``wheel'') can su to
    ``root''. If group 0 is missing or empty, any user can su to ``root''.

But if user is not listed in group wheel and his primary group is 0, he is
allowed to su root. As it is said in comment in su.c, this is the desired
behavior. This is quite different to manpage.

>How-To-Repeat:
Set user's primary group to 0, delete him from wheel in /etc/group. Try su.

>Fix:
The current su's behavior always gives possibility to become root to all
wheel members. I suppose it'll be better to make su work like it is described
in man. Then one can have wheel rights (to read logs etc.), but cannot become
root, if he has primary uid 0 and is not explicitly listed in /etc/group.

Here is the fix:

--- su.c.orig Sat May 4 11:08:40 2002 +++ su.c Sat May 4 11:09:01 2002
@@ -254,9 +254,6 @@ gr->gr_mem && *(gr->gr_mem)) for (g = gr->gr_mem;; ++g) { if (!*g) { - if (gid == 0) - break; - else errx(1, "you are not in the correct group (%s) to su %s.", gr->gr_name, >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
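
Review bot: With the `if (gid == 0) break; else` lines removed at the `if (!*g)` end-of-list branch, errx() now fires for every caller not named in gr_mem, so any account that has relied on primary group 0 alone loses su to root as soon as this is installed. The report says a comment in su.c describes the old behaviour as desired; that comment is not touched by this hunk and should be updated or removed in the same change, and the behaviour change should be called out for administrators. Also check whether `gid` is still used elsewhere in the function once this test is gone, and drop the variable if it is not.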
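
The gap between the su(1) wording and the behaviour described in the report can be audited before such a change is deployed. The following is an added example, not code from su.c or from the report; `struct account`, `wheel_allows`, `count_implicit_wheel`, the `honor_primary_gid` flag and the sample accounts are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

struct account { const char *name; gid_t primary_gid; };  /* constructed type */

/* Model of su's group-0 check (hypothetical helper, not taken from su.c).
 * members: NULL-terminated gr_mem list of group 0, or NULL if the group is missing.
 * honor_primary_gid: 1 = behaviour described in the report, 0 = su(1) man page wording.
 */
int wheel_allows(const struct account *a, const char *const *members,
                 int honor_primary_gid)
{
    if (members == NULL || *members == NULL)
        return 1;                   /* group 0 missing or empty: any user may su */
    for (const char *const *g = members; *g != NULL; ++g)
        if (strcmp(a->name, *g) == 0)
            return 1;               /* explicitly listed in /etc/group */
    return honor_primary_gid && a->primary_gid == 0;
}

/* Count accounts that pass the check only because their primary gid is 0. */
int count_implicit_wheel(const struct account *accts, size_t n,
                         const char *const *members, int verbose)
{
    int hits = 0;
    for (size_t i = 0; i < n; ++i)
        if (wheel_allows(&accts[i], members, 1) &&
            !wheel_allows(&accts[i], members, 0)) {
            if (verbose)
                printf("%s: primary gid 0, not listed in group 0\n", accts[i].name);
            ++hits;
        }
    return hits;
}

/* Constructed sample data standing in for /etc/passwd and /etc/group. */
static const struct account sample_accts[] = {
    { "alice", 0 }, { "bob", 1001 }, { "carol", 0 }, { "dave", 1002 },
};
static const char *const sample_wheel[] = { "carol", "dave", NULL };
static const char *const empty_wheel[]  = { NULL };

int main(void)
{
    printf("%d affected\n", count_implicit_wheel(sample_accts, 4, sample_wheel, 1));
    printf("%d affected, empty group 0\n", count_implicit_wheel(sample_accts, 4, empty_wheel, 1));
    return 0;
}
```

Accounts reported by `count_implicit_wheel` are the ones whose su access differs between the two behaviours.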