Subject: Re: bin/1463: su doesn't correctly test for membership in "wheel"
To: None <netbsd-bugs@NetBSD.ORG>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
List: netbsd-bugs
Date: 09/15/1995 07:13:42
> 	% grep davide /etc/passwd
> 	davide:*:4435:0:Dave Eckhardt:/usr/davide:/bin/csh
> 	% grep wheel /etc/group
> 	wheel:*:0:root
> 	% id
> 	uid=4435(davide) gid=0(wheel) groups=0(wheel)
> 	% su
> 	su: you are not in the correct group to su root.

> 	Assuming this is an oversight rather than a policy decision,
> 	the check should be something like
> 	if (pwd->pw_uid == 0 && pwd->pw_gid != 0 && (gr = getgrgid((gid_t)0)))

But that assumes that wheel is GID 0.  This means that all the docs
would have to be changed to say "group id 0" instead of "group wheel".

> 	Interestingly enough, it looks like this code will let anybody
> 	su to root if there is no "wheel" entry in /etc/
> 	this a fail-safe?

I would say it is correct.  If nothing else, it allows people who don't
like the "only wheel may su to root" policy to get their desired
behavior without having to hack the source.  (I certainly know if _I_
had noticed that NetBSD had restricted-su-to-root, I would have gone
looking for a way to disable it.)

					der Mouse