Subject: bin/139: 'su - games' as root segfaults
To: None <gnats-admin>
From: Mike Long <mike.long@analog.com>
List: netbsd-bugs
Date: 02/24/1994 22:20:01
>Number:         139
>Category:       bin
>Synopsis:       'su - games' as root segfaults
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnats-admin (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 24 22:20:01 1994
>Originator:     Mike Long
>Organization:
	Yeah, right.
>Release:        NetBSD-current 12/6/94
>Environment:
System: NetBSD azathoth.boston.ma.us 0.9a AZATHOTH#0 i386
su.c: $Id: su.c,v 1.8 1994/01/07 16:05:42 mycroft Exp $

>Description:
	Executing 'su - games' as root causes a segmentation fault when user
	'games' has an empty login shell field in /etc/passwd.  The variable
	iscsh in su.c is set to NO, and consequently avshell is never set.
	The call to strcpy() that follows tries to copy from avshell,
	dereferences the null pointer and BOOM!
>How-To-Repeat:
	su - games
>Fix:
*** su.c~	Sat Jan  8 05:55:42 1994
--- su.c	Fri Feb 25 00:35:45 1994
***************
*** 203,208 ****
--- 203,210 ----
  			avshell = shell;
  		iscsh = strcmp(avshell, "csh") ? NO : YES;
  	}
+ 	else
+ 		avshell = shell;
  
  	/* set permissions */
  	if (setgid(pwd->pw_gid) < 0) {
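
Review bot: The added else branch at the end of the 203-210 hunk leaves avshell assigned in two separate places, and it is only correct if shell is already non-null and non-empty whenever the preceding if is skipped, which the hunk does not show. Consider giving avshell its default at the point where shell is chosen (or at its declaration), so that every path reaches the strcpy() named in the description with a valid pointer and a later new branch cannot reintroduce the null dereference. Since shell comes from the /etc/passwd entry, it is also worth confirming that the copy from avshell is bounded by the destination buffer size, because the hunk shows no length check before it.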

>Audit-Trail:
>Unformatted:


