Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 8 Feb 2013 14:20:00 GMT
From:      dfilter@FreeBSD.ORG (dfilter service)
To:        freebsd-doc@FreeBSD.org
Subject:   Re: docs/167741: commit references a PR
Message-ID:  <201302081420.r18EK0wa094940@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR docs/167741; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/167741: commit references a PR
Date: Fri,  8 Feb 2013 14:14:13 +0000 (UTC)

 Author: des
 Date: Fri Feb  8 14:14:00 2013
 New Revision: 246553
 URL: http://svnweb.freebsd.org/changeset/base/246553
 
 Log:
   Print a warning if not setuid root.
   Document the need for the setuid bit and how to set it.
   Explain why it isn't set by default, and suggest simply adding users
   to groups instead.
   
   PR:		docs/167741
   MFC after:	3 weeks
 
 Modified:
   head/usr.bin/newgrp/newgrp.1
   head/usr.bin/newgrp/newgrp.c
 
 Modified: head/usr.bin/newgrp/newgrp.1
 ==============================================================================
 --- head/usr.bin/newgrp/newgrp.1	Fri Feb  8 14:11:12 2013	(r246552)
 +++ head/usr.bin/newgrp/newgrp.1	Fri Feb  8 14:14:00 2013	(r246553)
 @@ -24,7 +24,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd May 23, 2002
 +.Dd February 8, 2013
  .Dt NEWGRP 1
  .Os
  .Sh NAME
 @@ -90,6 +90,15 @@ A
  utility appeared in
  .At v6 .
  .Sh BUGS
 +For security reasons, the
 +.Nm
 +utility is normally installed without the setuid bit.
 +To enable it, run the following command:
 +.Bd -literal -offset indent
 +chmod u+s /usr/bin/newgrp
 +.Ed
 +.Pp
  Group passwords are inherently insecure as there is no way to stop
 -users obtaining the crypted passwords from the group database.
 +users obtaining the password hash from the group database.
  Their use is discouraged.
 +Instead, users should simply be added to the necessary groups.
 
 Modified: head/usr.bin/newgrp/newgrp.c
 ==============================================================================
 --- head/usr.bin/newgrp/newgrp.c	Fri Feb  8 14:11:12 2013	(r246552)
 +++ head/usr.bin/newgrp/newgrp.c	Fri Feb  8 14:14:00 2013	(r246553)
 @@ -73,7 +73,8 @@ main(int argc, char *argv[])
  {
  	int ch, login;
  
 -	euid = geteuid();
 +	if ((euid = geteuid()) != 0)
 +		warnx("need root permissions to function properly, check setuid bit");
  	if (seteuid(getuid()) < 0)
  		err(1, "seteuid");
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302081420.r18EK0wa094940>