Date: Sun, 17 Jun 2001 09:22:37 +0200 (CEST) From: xaa@dohd.org To: FreeBSD-gnats-submit@freebsd.org Subject: bin/28223: su doesn't look at login.conf all the time Message-ID: <20010617072237.26B055E14@tiggr.local.dohd.org>
next in thread | raw e-mail | index | archive | help
>Number: 28223 >Category: bin >Synopsis: su doesn't look at login.conf all the time >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jun 17 00:30:03 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Mark Huizer >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD tiggr.local.dohd.org 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sat Jun 2 10:41:56 MET DST 2001 xaa@eeyore.local.dohd.org:/usr2/sources/obj/usr2/sources/src/sys/tiggr i386 Problem exists since at least FreeBSD 2.2.7 (see also the closed PR bin/9495) >Description: If a user is given an illegal shell in /etc/login.conf (e.g. for a login class called 'lockout'), su will happily su to that user. This should not be allowed if a mortal user su's to another mortal user. >How-To-Repeat: create loginclass with e.g. /usr/bin/false as shell, su to that user, yeah... >Fix: The old quick and dirty patch to su.c was: 355a356,360 > #ifdef LOGIN_CAP > if (!chshell(login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell)) && ruid) > errx(1, "permission denied (shell)."); > else > #endif 366a372 > Haven't tested if it still applies cleanly, but the idea stands >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010617072237.26B055E14>