Date:      Tue, 3 Apr 2001 13:28:23 -0400
From:      "Kherry Zamore" <dknj@dknj.org>
To:        <freebsd-stable@freebsd.org>
Cc:        <freebsd-security@freebsd.org>
Subject:   su change?
Message-ID:  <005401c0bc63$7cb36650$0202a8c0@majorzoot>

Just recently my friend locked himself out of his machine by changing root's
shell to a nonexistent file.  The only way he could become root again was by
rebooting the machine into single-user mode and changing it from there.  Now,
while I know that it's foolish to change root's shell in the first place, I
don't think this is an acceptable punishment for those that do.

According to su.c, if the user you are changing to does not have a valid
shell, su complains and exits.  A valid thing to do in today's security-
conscious society.  Now, let's say you want to become root to fix this
invalid shell problem... su's nature is to complain and exit.  The fix is
rather simple; somewhere around line 310 in su.c is:

if (!chshell(pwd->pw_shell) && ruid)
    errx(1, "permission denied (shell).");

The only thing we need to prepend to this is a check to see if we are trying
to su to root, which we should allow regardless of the shell specified:

if (pwd->pw_uid)
    if (!chshell(pwd->pw_shell) && ruid)
        errx(1, "permission denied (shell).");

Patches are available here (tested on 4.1):
http://www.dknj.org/sourcecode/patches/su/


-= Kherry Zamore -=- (757) 683-7386 =-
-= Resident Computer & Network Geek/God =-
-= http://www.dknj.org =-


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
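As an added example (not the poster's patch and not FreeBSD's su.c), the following C program models the shell check quoted above against a constructed stand-in for /etc/shells, so the lockout and the effect of the proposed root exception can be compared side by side. `chshell_sim` and `su_shell_check` are hypothetical counterparts of su's chshell() and the quoted condition; the shell list and the uids are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for /etc/shells; the real su consults the file
 * through getusershell(3).  Nothing is read from the host, so this runs
 * offline. */
static const char *const valid_shells[] = {
    "/bin/sh",
    "/bin/csh",
    "/usr/local/bin/bash",
    NULL
};

/* Hypothetical counterpart of su's chshell(): true when the target
 * account's shell appears in the list of approved shells. */
bool chshell_sim(const char *shell)
{
    for (const char *const *p = valid_shells; *p != NULL; p++)
        if (strcmp(*p, shell) == 0)
            return true;
    return false;
}

/* Models the permission check quoted from su.c.  Returns 0 when su may
 * proceed and 1 for "permission denied (shell)".  ruid is the real uid of
 * the invoking user, target_uid the account being switched to, and
 * root_exception reproduces the poster's proposed `if (pwd->pw_uid)`
 * wrapper around the original test. */
int su_shell_check(const char *target_shell, unsigned target_uid,
                   unsigned ruid, bool root_exception)
{
    /* Proposed change: never refuse a switch to uid 0 on shell grounds. */
    if (root_exception && target_uid == 0)
        return 0;
    /* Original check: a non-root invoker may only reach accounts whose
     * shell is approved; root itself (ruid == 0) is never refused. */
    if (!chshell_sim(target_shell) && ruid != 0)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed scenarios, including the lockout described in the mail. */
    struct { const char *shell; unsigned uid; unsigned ruid; bool fix; } cases[] = {
        { "/bin/csh",     0,    1000, false }, /* normal su to root          */
        { "/nonexistent", 0,    1000, false }, /* the lockout: refused       */
        { "/nonexistent", 0,    1000, true  }, /* same, with root exception  */
        { "/nonexistent", 1001, 1000, true  }, /* non-root target: refused   */
        { "/nonexistent", 1001, 0,    true  }, /* root invoking: never refused */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("shell=%-13s uid=%-4u ruid=%-4u fix=%d -> %s\n",
               cases[i].shell, cases[i].uid, cases[i].ruid, cases[i].fix,
               su_shell_check(cases[i].shell, cases[i].uid,
                              cases[i].ruid, cases[i].fix)
                   ? "permission denied (shell)" : "ok");
    return 0;
}
```

The exception only changes su's up-front permission check: a shell path that does not exist still fails at exec time, so the model shows when su refuses, not whether the shell ultimately starts. The relaxation is also narrow by construction: it applies only when the target is uid 0, whose password the invoker must still supply, and every other target keeps the /etc/shells check.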
