author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-01-07 09:51:23 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-01-07 09:51:23 +0000 |
commit | c5b76a7fa2d4c5de64ba37b96e6e24ca08ded6ba (patch) | |
tree | 0cdca948d8365f8f9843e59d529d067f8702f699 | |
parent | a2912bf3b6db70b68ecc15b3c44d787d6ca31876 (diff) |
more traditional semantics. if wheel group has no listed users, anyone
can su to root. default wheel group lists "root" as a user, thus
defaulting to a secure environment. from arnej@pvv.unit.no; netbsd pr#1894
-rw-r--r-- | usr.bin/su/su.1 | 10 | ||||
-rw-r--r-- | usr.bin/su/su.c | 5 |
2 files changed, 10 insertions, 5 deletions
diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1 index 7656ea88f9e..4165f970d75 100644 --- a/usr.bin/su/su.1 +++ b/usr.bin/su/su.1 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" from: @(#)su.1 6.12 (Berkeley) 7/29/91 -.\" $Id: su.1,v 1.1 1995/10/18 08:46:09 deraadt Exp $ +.\" $Id: su.1,v 1.2 1996/01/07 09:51:21 deraadt Exp $ .\" .Dd July 29, 1991 .Dt SU 1 @@ -137,9 +137,13 @@ and options are mutually exclusive; the last one specified overrides any previous ones. .Pp -Only users in group 0 (normally +If group 0 (normally .Dq wheel ) -can +has users listed then only those users can +.Nm su +to +.Dq root . +Otherwise, anyone can .Nm su to .Dq root . diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index f5707090ca6..36b249cc1a3 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -39,7 +39,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/ -static char rcsid[] = "$Id: su.c,v 1.2 1995/12/16 22:20:38 tholo Exp $"; +static char rcsid[] = "$Id: su.c,v 1.3 1996/01/07 09:51:22 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -155,7 +155,8 @@ main(argc, argv) #endif { /* only allow those in group zero to su to root. */ - if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))) + if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) + && gr->gr_mem && *(gr->gr_mem)) for (g = gr->gr_mem;; ++g) { if (!*g) { (void)fprintf(stderr, |
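Review bot: In the su.c hunk at `main`, the comment `/* only allow those in group zero to su to root. */` is now stale, because the added `gr->gr_mem && *(gr->gr_mem)` test skips the membership loop whenever group 0 lists no members, so the restriction fails open. An empty or accidentally truncated wheel entry is then indistinguishable from a deliberate "no restriction" policy, in addition to the existing skip when `getgrgid()` returns NULL. I would change the comment to `/* restrict su to root to members of group zero; if the group has no listed members, or cannot be looked up, no restriction applies. */` and consider recording a log entry when the check is bypassed, so the wider access shows up in audit logs. The body of `main` starts and continues outside this hunk, so any handling after the loop is not visible here.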