Subject: bin/1463: su doesn't correctly test for membership in "wheel"
To: None <gnats-bugs@NetBSD.ORG>
From: None <davide@PIPER.NECTAR.CS.CMU.EDU>
List: netbsd-bugs
Date: 09/14/1995 16:43:36
>Number:         1463
>Category:       bin
>Synopsis:       su checks /etc/groups for "wheel" membership, but not /etc/passwd
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 14 16:50:00 1995
>Originator:     David Eckhardt
Carnegie Mellon University Computer Science
>Release:        NetBSD-0812
	System: NetBSD 1.0A NetBSD 1.0A (IJET) #152: Sat Jul 15 14:38:58 EDT 1995 kosak@river:/usr/src/sys/arch/i386/compile/IJET i386

	% grep davide /etc/passwd
	davide:*:4435:0:Dave Eckhardt:/usr/davide:/bin/csh
	% grep wheel /etc/group
	% id
	uid=4435(davide) gid=0(wheel) groups=0(wheel)
	% su
	su: you are not in the correct group to su root.

	The relevant code in su looks like:

	if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
		for (g = gr->gr_mem;; ++g) {
			if (!*g) {
			"su: you are not in the correct group to su %s.\n",
			if (!strcmp(username, *g))

	See above /etc/passwd and /etc/group lines
	Assuming this is an oversight rather than a policy decision, the
	check should be something like
	if (pwd->pw_uid == 0 && pwd->pw_gid != 0 && (gr = getgrgid((gid_t)0)))
	Interestingly enough, it looks like this code will let anybody su
	to root if there is no "wheel" entry in /etc/ this a