From owner-freebsd-security  Tue Aug 14  9:48:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10])
	by hub.freebsd.org (Postfix) with ESMTP id 8D83E37B406
	for <freebsd-security@FreeBSD.ORG>; Tue, 14 Aug 2001 09:48:26 -0700 (PDT)
	(envelope-from fschapachnik@vianetworks.com.ar)
Received: (from fpscha@localhost)
	by ns1.via-net-works.net.ar (8.9.3/8.9.3) id NAA34895;
	Tue, 14 Aug 2001 13:45:47 -0300 (ART)
X-Authentication-Warning: ns1.via-net-works.net.ar: fpscha set sender to fschapachnik@vianetworks.com.ar using -f
Date: Tue, 14 Aug 2001 13:45:47 -0300
From: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>
To: alexus <ml@db.nexgen.com>
Cc: Will Andrews <will@physics.purdue.edu>,
	David Kirchner <davidk@accretivetg.com>,
	Ivan Krstic <ike@gnjilux.srk.fer.hr>, freebsd-security@FreeBSD.ORG
Subject: Re: bin user
Message-ID: <20010814134547.D6223@ns1.via-net-works.net.ar>
References: <20010813093238.B38221-100000@localhost> <000b01c1241f$d0e74c90$0d00a8c0@alexus> <20010814111413.N5712@bohr.physics.purdue.edu> <001d01c124df$2962eae0$0d00a8c0@alexus>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <001d01c124df$2962eae0$0d00a8c0@alexus>; from ml@db.nexgen.com on Tue, Aug 14, 2001 at 12:35:17PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

En un mensaje anterior, alexus escribió:
> # su -m bin
> su: /usr/local/bin/bash: Permission denied
> # id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
> 5(operator), 20(staff), 31(guest)
> #
> 
> it won't switch to bin for some reason:(

From man su:


-m      Leave the environment unmodified.  The invoked shell is your lo-
        gin shell, and no directory changes are made.  As a security pre-
        caution, if the target user's shell is a non-standard shell (as
        defined by getusershell(3)) and the caller's real uid is non-ze-
        ro, su will fail.

I guess that the read uid!=0 check is not implemented. Reset the bin
shell and you'll be fine.

Regards.



Fernando P. Schapachnik
Planificación de red y tecnología
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Tel.: (54-11) 4323-3381

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message