Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 09 Jul 2018 13:54:07 +0200
From:      "Julian H. Stacey" <jhs@berklix.com>
To:        current@freebsd.org
Cc:        "Julian H. Stacey" <jhs@berklix.com>
Subject:   How to add su to /rescue ?
Message-ID:  <201807091154.w69Bs7Ha024391@fire.js.berklix.net>

next in thread | raw e-mail | index | archive | help
Hi current@
I want to add su to /rescue, but got stuck on pam.
Old unix su didn't suffer from pam.
There's no #define in su to turn off pam.
Man src.conf says WITHOUT_PAM is deprecated & does nothing.

Can someone please offer a solution ?
Or better to include a simple BSD su pre pam ?
I would happily develop a patch for that.

Notes to explain the need, & patches from my
http://berklix.com/~jhs/src/bsd/fixes/freebsd/src/gen/rescue/
---------

Patch[es] below to solve this emailed scenario:
> Please on prison-host cp /lib/libc.so.7 /tank/ezjail/my-domain/lib/libc.so.7
> I am logged in on jail-host, but only as normal-user, not root, so I cannot run
> 	/rescue/cp /usr/obj/usr/src/lib/libc/libc.so.7 /lib/libc.so.7
> 
> a my make installworld on jail-host.my-domain previously failed with
> 	===> lib/libc (install)
> 	install -C -o root -g wheel -m 444   libc.a /usr/lib
> 	install -C -o root -g wheel -m 444   libc_p.a /usr/lib
> 	install -s -o root -g wheel -m 444   -fschg -S  libc.so.7 /lib
> 	install: /lib/libc.so.7: chflags: Operation not permitted
> 	*** Error code 71
> (might or not be an artifact of being in a jail)
> 
> unfortunately I had run the command as
> 	xs make installworld
> (xs is my own little root wrapper)
> so when it exited, I was just normal-user not root, & I had forgotten to
> open another xterm & leave it logged in as root,
> & I found no /rescue/su

*** 12.0-CURRENT/usr/src/rescue/rescue/Makefile.orig	Tue Jun 19 14:43:47 2018
--- new-generic/usr/src/rescue/rescue/Makefile	Mon Jul  9 12:21:47 2018
***************
*** 188,193 ****
--- 188,195 ----
  CRUNCH_PROGS_usr.bin+= less
  CRUNCH_ALIAS_less= more
  
+ CRUNCH_PROGS_usr.bin+= su
+ 
  CRUNCH_PROGS_usr.bin+= xz
  CRUNCH_ALIAS_xz= unxz lzma unlzma xzcat lzcat
  
-----
Patch above fails with:
  cc -O2 -pipe -DBERKLIX=YES   -std=gnu99    -Qunused-arguments    -static -o reue rescue.o cat.lo chflags.lo chio.lo chmod.lo cp.lo date.lo dd.lo df.lo echo. ed.lo expr.lo getfacl.lo hostname.lo kenv.lo kill.lo ln.lo ls.lo mkdir.lo mv. pkill.lo ps.lo pwd.lo realpath.lo rm.lo rmdir.lo setfacl.lo sh.lo sleep.lo st.lo sync.lo test.lo csh.lo camcontrol.lo clri.lo devfs.lo dmesg.lo dump.lo dums.lo dumpon.lo fsck.lo fsck_ffs.lo fsck_msdosfs.lo fsdb.lo fsirand.lo gbde.lo om.lo ifconfig.lo init.lo kldconfig.lo kldload.lo kldstat.lo kldunload.lo ldcoig.lo md5.lo mdconfig.lo mdmfs.lo mknod.lo mount.lo mount_cd9660.lo mount_msdos.lo mount_nfs.lo mount_nullfs.lo mount_udf.lo mount_unionfs.lo newfs.lo newfssdos.lo nos-tun.lo ping.lo reboot.lo restore.lo rcorder.lo route.lo savecore.lshutdown.lo spppcontrol.lo swapon.lo sysctl.lo tunefs.lo umount.lo ccdconfig.lping6.lo rtsol.lo ipf.lo routed.lo rtquery.lo zfs.lo zpool.lo bsdlabel.lo fdislo dhclient.lo head.lo mt.lo sed.lo tail.lo tee.lo !
 gzip.lo bzip2.lo less.lo suo xz.lo zstd.lo tar.lo nc.lo vi.lo id.lo iscsictl.lo zdb.lo chroot.lo chown.loscsid.lo /data/release/s1/usr/obj/data/release/s1/usr/src/amd64.amd64/rescue/rcue/../librescue/exec.o /data/release/s1/usr/obj/data/release/s1/usr/src/amd64md64/rescue/rescue/../librescue/getusershell.o /data/release/s1/usr/obj/data/rease/s1/usr/src/amd64.amd64/rescue/rescue/../librescue/login_class.o /data/relse/s1/usr/obj/data/release/s1/usr/src/amd64.amd64/rescue/rescue/../librescue/pen.o /data/release/s1/usr/obj/data/release/s1/usr/src/amd64.amd64/rescue/rescu../librescue/rcmdsh.o /data/release/s1/usr/obj/data/release/s1/usr/src/amd64.a64/rescue/rescue/../librescue/sysctl.o /data/release/s1/usr/obj/data/release/susr/src/amd64.amd64/rescue/rescue/../librescue/system.o -lcrypt -ledit -ljail kvm -lelf -ll -ltermcapw -lutil -lxo -l80211 -lalias -lcam -lncursesw -ldevsta-lipsec -llzma -lavl -lzpool -lzfs_core -lzfs -lnvpair -lpthread -luutil -lume-lgeom -lbsdxml -lkiconv !
 -lmt -lsbuf -lufs -lz -lbz2 -lprivatezstd -larchive -rypto -lmd -lm
  /usr/bin/ld: error: undefined symbol: pam_start
  >>> referenced by su.lo:(_$$hide$$ su.lo main)
  
  /usr/bin/ld: error: undefined symbol: pam_set_item
  >>> referenced by su.lo:(_$$hide$$ su.lo main)

Patch below does not solve problem above
*** 12.0-CURRENT/usr/src/rescue/librescue/Makefile.orig	Mon Jul  9 13:02:43 2018
--- new-generic/usr/src/rescue/librescue/Makefile	Mon Jul  9 13:03:59 2018
***************
*** 16,21 ****
--- 16,22 ----
  .PATH: ${SRCTOP}/lib/libc/gen \
         ${SRCTOP}/lib/libc/net \
         ${SRCTOP}/lib/libc/stdlib \
+        ${SRCTOP}/lib/libpam/libpam \
         ${SRCTOP}/lib/libutil 
  
  LIB=		rescue
---
changing libpam/libpam to libpam also fails.
-------

Cheers,
Julian
-- 
Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich
 Brexit Referendum stole 3.7 million votes inc. from 700,000 British in EU.
 UK Goverment lies it's democratic in Article 50 paragraph 3 of letter to EU.
 http://berklix.eu/queen/  https://www.peoples-vote.uk   200,000 @ 9 Jul 2018



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807091154.w69Bs7Ha024391>