Re: Broken su in current - trying to fix myself, help needed!



Stefan Lambrev wrote:
Hi Bill,

韓家標 Bill Hacker wrote:
Stefan Lambrev wrote:
Hi,

*snip*

I will not be surprised if it occurs when building as an 'ordinary user' and does NOT occur when building as root....

BNL (BSD's Not Linux)....


I see something similar on all ports that have OPTIONS (make config).
Here is an example (do this as a user who is a member of wheel, but not root):


Stop right there. '..NOT root'??

Why would I DO that?
You can do this by mistake, for example. When you have 10 terminals, sometimes you do not pay enough attention to whether you are root or not.

LOL! trust me to know that one! 50 years since I submitted my first card deck to a mainframe, but I did exactly that - twice, yet - in the last 24 hours..

Including EUID in the 'prompt' just need a hug and kiss, as I use several different shells...

Also you may want only to "read" what is the last configuration of a port using: make config (not configure!)
and for this you do not have to be root (see permissions of /var/db/ports/)

ACK.

Also it's a nice feature in FreeBSD ports, so I really do not know why not to use it, as it's a feature, but not a bug.


ACK.

Anyway why or why not does not matter.
The only thing that matters is that doing this triggers the bug in "su".
Bug that does not exist in 6.2-STABLE or before, and normally bugs are exploited by users that are not root.


What Artem is seeing is not (yet) a 'bug' in su in my mind.

MC is 'in the way' of getting accurate response (smells of the classical DOS 'pause' when in echo-off, and/or at a point in time when stdio is not connected to the VTTY in use).

Unless/until mc is either sorted or taken out of the loop, the result is not conclusive.

IOW - I can reproduce the 'fail-to-complete and say so' easily enough in any CLI shell so far mentioned, but I cannot reproduce the 'quietly go away and hide' behaviour in a 'raw' shell.

That doesn't mean that su is perfect.

But I'd not waste an su coder's time on su so long as there is a lack of transparency / lack of proper error return in mc's script handling.

Separate issue.

P.S. /usr/ports/Mk/ look for SU_CMD :)


And?

Are you of the opinion that suexec-* et al can over-ride system security when invoked by a non-root EUID caller?

I surely hope not...

;-)

Bill
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"


