The following reply was made to PR docs/167741; it has been noted by GNATS.
From: [email protected] (dfilter service) To: [email protected] Cc: Subject: Re: docs/167741: commit references a PR Date: Thu, 11 Jul 2013 12:47:19 +0000 (UTC) Author: des Date: Thu Jul 11 12:47:06 2013 New Revision: 253205 URL: http://svnweb.freebsd.org/changeset/base/253205 Log: MFH (r246553): document and explain need for setuid bit. PR: docs/167741 Modified: stable/9/usr.bin/newgrp/newgrp.1 stable/9/usr.bin/newgrp/newgrp.c Directory Properties: stable/9/usr.bin/newgrp/ (props changed) Modified: stable/9/usr.bin/newgrp/newgrp.1 ============================================================================== --- stable/9/usr.bin/newgrp/newgrp.1 Thu Jul 11 12:46:35 2013 (r253204) +++ stable/9/usr.bin/newgrp/newgrp.1 Thu Jul 11 12:47:06 2013 (r253205) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2002 +.Dd February 8, 2013 .Dt NEWGRP 1 .Os .Sh NAME @@ -90,6 +90,15 @@ A utility appeared in .At v6 . .Sh BUGS +For security reasons, the +.Nm +utility is normally installed without the setuid bit. +To enable it, run the following command: +.Bd -literal -offset indent +chmod u+s /usr/bin/newgrp +.Ed +.Pp Group passwords are inherently insecure as there is no way to stop -users obtaining the crypted passwords from the group database. +users obtaining the password hash from the group database. Their use is discouraged. +Instead, users should simply be added to the necessary groups. Modified: stable/9/usr.bin/newgrp/newgrp.c ============================================================================== --- stable/9/usr.bin/newgrp/newgrp.c Thu Jul 11 12:46:35 2013 (r253204) +++ stable/9/usr.bin/newgrp/newgrp.c Thu Jul 11 12:47:06 2013 (r253205) @@ -73,7 +73,8 @@ main(int argc, char *argv[]) { int ch, login; - euid = geteuid(); + if ((euid = geteuid()) != 0) + warnx("need root permissions to function properly, check setuid bit"); if (seteuid(getuid()) < 0) err(1, "seteuid"); _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-doc To unsubscribe, send any mail to "[email protected]"
