From owner-freebsd-doc@FreeBSD.ORG Fri Feb 8 14:20:01 2013 Return-Path: Delivered-To: freebsd-doc@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 3ADDC735 for ; Fri, 8 Feb 2013 14:20:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 12B348BF for ; Fri, 8 Feb 2013 14:20:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r18EK0wB094944 for ; Fri, 8 Feb 2013 14:20:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r18EK0wa094940; Fri, 8 Feb 2013 14:20:00 GMT (envelope-from gnats) Date: Fri, 8 Feb 2013 14:20:00 GMT Message-Id: <201302081420.r18EK0wa094940@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org Cc: From: dfilter@FreeBSD.ORG (dfilter service) Subject: Re: docs/167741: commit references a PR X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: dfilter service List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2013 14:20:01 -0000 The following reply was made to PR docs/167741; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: docs/167741: commit references a PR Date: Fri, 8 Feb 2013 14:14:13 +0000 (UTC) Author: des Date: Fri Feb 8 14:14:00 2013 New Revision: 246553 URL: http://svnweb.freebsd.org/changeset/base/246553 Log: Print a warning if not setuid root. Document the need for the setuid bit and how to set it. Explain why it isn't set by default, and suggest simply adding users to groups instead. PR: docs/167741 MFC after: 3 weeks Modified: head/usr.bin/newgrp/newgrp.1 head/usr.bin/newgrp/newgrp.c Modified: head/usr.bin/newgrp/newgrp.1 ============================================================================== --- head/usr.bin/newgrp/newgrp.1 Fri Feb 8 14:11:12 2013 (r246552) +++ head/usr.bin/newgrp/newgrp.1 Fri Feb 8 14:14:00 2013 (r246553) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2002 +.Dd February 8, 2013 .Dt NEWGRP 1 .Os .Sh NAME @@ -90,6 +90,15 @@ A utility appeared in .At v6 . .Sh BUGS +For security reasons, the +.Nm +utility is normally installed without the setuid bit. +To enable it, run the following command: +.Bd -literal -offset indent +chmod u+s /usr/bin/newgrp +.Ed +.Pp Group passwords are inherently insecure as there is no way to stop -users obtaining the crypted passwords from the group database. +users obtaining the password hash from the group database. Their use is discouraged. +Instead, users should simply be added to the necessary groups. Modified: head/usr.bin/newgrp/newgrp.c ============================================================================== --- head/usr.bin/newgrp/newgrp.c Fri Feb 8 14:11:12 2013 (r246552) +++ head/usr.bin/newgrp/newgrp.c Fri Feb 8 14:14:00 2013 (r246553) @@ -73,7 +73,8 @@ main(int argc, char *argv[]) { int ch, login; - euid = geteuid(); + if ((euid = geteuid()) != 0) + warnx("need root permissions to function properly, check setuid bit"); if (seteuid(getuid()) < 0) err(1, "seteuid"); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"