OK, thank you.
I'd like to know if a syspatch is expected with this fix, or I have to
compile "su" by myself from sources.
Thanks.
On 10/20/18 6:47 PM, Theo de Raadt wrote:
You've found an unveil bug in su. It needs to allow read access to
/etc/shells also, for this specific !altshell + asme + ruid case.
Index: su.c
===================================================================
RCS file: /cvs/src/usr.bin/su/su.c,v
retrieving revision 1.71
diff -u -p -u -r1.71 su.c
--- su.c 23 Aug 2018 16:52:13 -0000 1.71
+++ su.c 20 Oct 2018 16:47:19 -0000
@@ -164,6 +164,8 @@ main(int argc, char **argv)
err(1, "unveil");
if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
err(1, "unveil");
+ if (unveil(_PATH_SHELLS, "r") == -1)
+ err(1, "unveil");
for (;;) {
/* get target user, default to root unless in -L mode */
Today I upgraded my desktop PC from OpenBSD amd64 6.3 to 6.4.
Up to 6.3 I was able to simply execute "su -m" to become superuser
while keeping all my enviroment. Now under 6.4 I'm no longer able to
do it:
casa:/home/giannici> su -m
Password:
su: permission denied (shell).
In the man page of su I see "As a security precaution, if the target
user's shell is a non-standard shell (as defined by getusershell(3))
and the caller's real UID is non-zero, su will fail.".
But here is the output of "/etc/shells":
casa:/home/giannici> cat /etc/shells
# $OpenBSD: shells,v 1.8 2009/02/14 17:06:40 sobrado Exp $
#
# list of acceptable shells for chpass(1).
# ftpd(8) will not allow users to connect who are not using
# one of these shells, unless the user is listed in /etc/ftpchroot.
/bin/sh
/bin/csh
/bin/ksh
/usr/local/bin/bash
/usr/local/bin/tcsh
And here is the first line of vipw:
root:$2b$XXXXXXXXXXXXXXXXSomeothercharacters:0:0:daemon:0:0:Charlie
&:/root:/bin/ksh
Why I can do "su" but I cannot do "su -m" anymore?
Thanks.
--
___________________________________________________
__
|- [email protected]
|ederico Giannici http://www.neomedia.it
Presidente del CDA - Neomedia S.r.l.
___________________________________________________
