Date: Wed, 8 Jul 1998 20:48:12 +0100 (IST) From: rotel@indigo.ie To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7218: /etc/security does not detect uid 0 correctly Message-ID: <199807081948.UAA01556@indigo.ie>
next in thread | raw e-mail | index | archive | help
>Number: 7218 >Category: bin >Synopsis: /etc/security does not detect uid 0 correctly >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jul 8 13:00:01 PDT 1998 >Last-Modified: >Originator: Niall Smart >Organization: >Release: FreeBSD 2.2.6-STABLE i386 >Environment: >Description: Michal Listos <mcl@Amnesiac.123.org> originally submitted this. The /etc/security script does not detect uid's of zero correctly because it uses a string mode comparison thus new root users with the uid specified as "00" will not be detected. Doh. OpenBSD's /etc/security looks very complete if anyone fancies merging some of their good ideas. >How-To-Repeat: >Fix: *** security~ Sat Jun 27 12:13:59 1998 --- security Wed Jul 8 20:38:28 1998 *************** *** 52,54 **** echo "checking for uids of 0:" ! awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd --- 52,54 ---- echo "checking for uids of 0:" ! awk -F: '$3 == 0 {print $1,$3}' /etc/master.passwd >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807081948.UAA01556>