From c5b76a7fa2d4c5de64ba37b96e6e24ca08ded6ba Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Sun, 7 Jan 1996 09:51:23 +0000
Subject: more traditional semantics. if wheel group has no listed users, anyone can su to root. default wheel group lists "root" as a user, thus defaulting to a secure envirment. from arnej@pvv.unit.no; netbsd pr#1894
---
 usr.bin/su/su.1 | 10 +++++++---
 usr.bin/su/su.c | 5 +++--
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1
index 7656ea88f9e..4165f970d75 100644
--- a/usr.bin/su/su.1
+++ b/usr.bin/su/su.1
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\" from: @(#)su.1 6.12 (Berkeley) 7/29/91
-.\" $Id: su.1,v 1.1 1995/10/18 08:46:09 deraadt Exp $
+.\" $Id: su.1,v 1.2 1996/01/07 09:51:21 deraadt Exp $
 .\"
 .Dd July 29, 1991
 .Dt SU 1
@@ -137,9 +137,13 @@ and options are mutually exclusive; the last one specified overrides any previous ones.
 .Pp
-Only users in group 0 (normally
+If group 0 (normally
 .Dq wheel )
-can
+has users listed then only those users can
+.Nm su
+to
+.Dq root .
+Otherwise, anyone can
 .Nm su
 to
 .Dq root .
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index f5707090ca6..36b249cc1a3 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -39,7 +39,7 @@ char copyright[] =
 #ifndef lint
 /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
-static char rcsid[] = "$Id: su.c,v 1.2 1995/12/16 22:20:38 tholo Exp $";
+static char rcsid[] = "$Id: su.c,v 1.3 1996/01/07 09:51:22 deraadt Exp $";
 #endif /* not lint */
 #include
@@ -155,7 +155,8 @@ main(argc, argv)
 #endif
 {
 /* only allow those in group zero to su to root. */
- if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
+ if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
+ && gr->gr_mem && *(gr->gr_mem))
 for (g = gr->gr_mem;; ++g) {
 if (!*g) {
 (void)fprintf(stderr,
--
cgit v1.2.3
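Review bot: The comment `/* only allow those in group zero to su to root. */` directly above the changed `if` in su.c is now stale, because the added `&& gr->gr_mem && *(gr->gr_mem)` clause skips the membership loop whenever gid 0 has no listed members, so the restriction is then not enforced at all. I would reword it to `/* if group zero lists any members, only they may su to root; an empty list or a missing group 0 imposes no restriction */` so the fail-open cases are visible to anyone auditing this path. The rule is also easy to disable by accident: removing the last name from the wheel line in the group file lifts the check without any diagnostic, which deserves a sentence in the comment or a logged notice. The body of `main` starts and ends outside this hunk, so how each `*g` is compared is not visible here.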