Date: Sun, 17 Jun 2001 09:22:37 +0200 (CEST) From: xaa@dohd.org To: FreeBSD-gnats-submit@freebsd.org Subject: bin/28223: su doesn't look at login.conf all the time Message-ID: <20010617072237.26B055E14@tiggr.local.dohd.org>
next in thread | raw e-mail | index | archive | help
>Number: 28223
>Category: bin
>Synopsis: su doesn't look at login.conf all the time
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jun 17 00:30:03 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Mark Huizer
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD tiggr.local.dohd.org 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sat Jun 2 10:41:56 MET DST 2001 xaa@eeyore.local.dohd.org:/usr2/sources/obj/usr2/sources/src/sys/tiggr i386
Problem exists since at least FreeBSD 2.2.7 (see also the closed PR
bin/9495)
>Description:
If a user is given an illegal shell in /etc/login.conf (e.g. for a login
class called 'lockout'), su will happily su to that user. This should not be
allowed if a mortal user su's to another mortal user.
>How-To-Repeat:
create loginclass with e.g. /usr/bin/false as shell, su to that user,
yeah...
>Fix:
The old quick and dirty patch to su.c was:
355a356,360
> #ifdef LOGIN_CAP
> if (!chshell(login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell)) && ruid)
> errx(1, "permission denied (shell).");
> else
> #endif
366a372
>
Haven't tested if it still applies cleanly, but the idea stands
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010617072237.26B055E14>