From owner-freebsd-security  Thu Sep 21 19:33: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 853E037B422
	for <freebsd-security@FreeBSD.ORG>; Thu, 21 Sep 2000 19:33:02 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id WAA10152;
	Thu, 21 Sep 2000 22:32:53 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 21 Sep 2000 22:32:53 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200009220232.WAA10152@khavrinen.lcs.mit.edu>
To: "Yuri A. Wolf" <subs@proxy.obk.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: I thinked it is fixed
In-Reply-To: <Pine.BSF.4.21.0009220852070.20938-100000@proxy.obk.ru>
References: <Pine.BSF.4.21.0009220852070.20938-100000@proxy.obk.ru>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Fri, 22 Sep 2000 09:26:54 +0700 (NOVST), "Yuri A. Wolf" <subs@proxy.obk.ru> said:

> 1. Login normally as root
> 2. Do the next 
>  #/usr/bin/login -f userx
> Now I'm non-root user 'userx'. 
> 3. Exit back
>  $^D
>  #
> Now I'm root, right? But try to do "who", "who am i", "finger", they all
> say 'userx'.

Don't do that then.

(Perhaps login(8) should fail if it's not the session leader.  I'm not
sure there's actually a way to reliably detect whether it is or not.)

-GAWollman



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message