Date: Thu, 11 Jul 2013 12:47:06 +0000 (UTC) From: Dag-Erling Smørgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r253205 - stable/9/usr.bin/newgrp Message-ID: <201307111247.r6BCl6gq068114@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Thu Jul 11 12:47:06 2013 New Revision: 253205 URL: http://svnweb.freebsd.org/changeset/base/253205 Log: MFH (r246553): document and explain need for setuid bit. PR: docs/167741 Modified: stable/9/usr.bin/newgrp/newgrp.1 stable/9/usr.bin/newgrp/newgrp.c Directory Properties: stable/9/usr.bin/newgrp/ (props changed) Modified: stable/9/usr.bin/newgrp/newgrp.1 ============================================================================== --- stable/9/usr.bin/newgrp/newgrp.1 Thu Jul 11 12:46:35 2013 (r253204) +++ stable/9/usr.bin/newgrp/newgrp.1 Thu Jul 11 12:47:06 2013 (r253205) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2002 +.Dd February 8, 2013 .Dt NEWGRP 1 .Os .Sh NAME @@ -90,6 +90,15 @@ A utility appeared in .At v6 . .Sh BUGS +For security reasons, the +.Nm +utility is normally installed without the setuid bit. +To enable it, run the following command: +.Bd -literal -offset indent +chmod u+s /usr/bin/newgrp +.Ed +.Pp Group passwords are inherently insecure as there is no way to stop -users obtaining the crypted passwords from the group database. +users obtaining the password hash from the group database. Their use is discouraged. +Instead, users should simply be added to the necessary groups. Modified: stable/9/usr.bin/newgrp/newgrp.c ============================================================================== --- stable/9/usr.bin/newgrp/newgrp.c Thu Jul 11 12:46:35 2013 (r253204) +++ stable/9/usr.bin/newgrp/newgrp.c Thu Jul 11 12:47:06 2013 (r253205) @@ -73,7 +73,8 @@ main(int argc, char *argv[]) { int ch, login; - euid = geteuid(); + if ((euid = geteuid()) != 0) + warnx("need root permissions to function properly, check setuid bit"); if (seteuid(getuid()) < 0) err(1, "seteuid");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307111247.r6BCl6gq068114>