summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-01-07 09:51:23 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-01-07 09:51:23 +0000
commitc5b76a7fa2d4c5de64ba37b96e6e24ca08ded6ba (patch)
tree0cdca948d8365f8f9843e59d529d067f8702f699
parenta2912bf3b6db70b68ecc15b3c44d787d6ca31876 (diff)
more traditional semantics. if wheel group has no listed users, anyone
can su to root. default wheel group lists "root" as a user, thus defaulting to a secure envirment. from arnej@pvv.unit.no; netbsd pr#1894
-rw-r--r--usr.bin/su/su.110
-rw-r--r--usr.bin/su/su.c5
2 files changed, 10 insertions, 5 deletions
diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1
index 7656ea88f9e..4165f970d75 100644
--- a/usr.bin/su/su.1
+++ b/usr.bin/su/su.1
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)su.1 6.12 (Berkeley) 7/29/91
-.\" $Id: su.1,v 1.1 1995/10/18 08:46:09 deraadt Exp $
+.\" $Id: su.1,v 1.2 1996/01/07 09:51:21 deraadt Exp $
.\"
.Dd July 29, 1991
.Dt SU 1
@@ -137,9 +137,13 @@ and
options are mutually exclusive; the last one specified
overrides any previous ones.
.Pp
-Only users in group 0 (normally
+If group 0 (normally
.Dq wheel )
-can
+has users listed then only those users can
+.Nm su
+to
+.Dq root .
+Otherwise, anyone can
.Nm su
to
.Dq root .
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index f5707090ca6..36b249cc1a3 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
-static char rcsid[] = "$Id: su.c,v 1.2 1995/12/16 22:20:38 tholo Exp $";
+static char rcsid[] = "$Id: su.c,v 1.3 1996/01/07 09:51:22 deraadt Exp $";
#endif /* not lint */
#include <sys/param.h>
@@ -155,7 +155,8 @@ main(argc, argv)
#endif
{
/* only allow those in group zero to su to root. */
- if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
+ if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
+ && gr->gr_mem && *(gr->gr_mem))
for (g = gr->gr_mem;; ++g) {
if (!*g) {
(void)fprintf(stderr,