From root@dohd.org  Sun Jun 17 00:22:38 2001
Return-Path: <root@dohd.org>
Received: from nala.dohd.org (a29150.upc-a.chello.nl [62.163.29.150])
	by hub.freebsd.org (Postfix) with ESMTP id 23E6D37B407
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Jun 2001 00:22:38 -0700 (PDT)
	(envelope-from root@dohd.org)
Received: from tiggr.local.dohd.org (tiggr6.local.dohd.org [2001:610:1108:5201:250:fcff:fe0b:c665])
	by nala.dohd.org (Postfix) with ESMTP id 455B0D906
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Jun 2001 09:22:37 +0200 (MET DST)
Received: by tiggr.local.dohd.org (Postfix, from userid 0)
	id 26B055E14; Sun, 17 Jun 2001 09:22:37 +0200 (CEST)
Message-Id: <20010617072237.26B055E14@tiggr.local.dohd.org>
Date: Sun, 17 Jun 2001 09:22:37 +0200 (CEST)
From: xaa@dohd.org
Reply-To: xaa@dohd.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: su doesn't look at login.conf all the time
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         28223
>Category:       bin
>Synopsis:       su(1) doesn't look at login.conf all the time
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 17 00:30:03 PDT 2001
>Closed-Date:    
>Last-Modified:  Thu Sep 27 07:04:11 UTC 2012
>Originator:     Mark Huizer
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD tiggr.local.dohd.org 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sat Jun 2 10:41:56 MET DST 2001 xaa@eeyore.local.dohd.org:/usr2/sources/obj/usr2/sources/src/sys/tiggr i386

	Problem exists since at least FreeBSD 2.2.7 (see also the closed PR bin/9495).

>Description:
If a user is given an illegal shell in /etc/login.conf (e.g. for a login
class called 'lockout'), su will happily su to that user. This should not be
allowed if a mortal user su's to another mortal user.
>How-To-Repeat:
   Create a login class with e.g. /usr/bin/false as shell, su to that user,
   yeah...
>Fix:

   The old quick and dirty patch to su.c was:
355a356,360
     > #ifdef LOGIN_CAP
     >               if (!chshell(login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell)) && ruid)
     >                       errx(1, "permission denied (shell).");
     >               else
     > #endif
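Review bot: the `else` left dangling before `#endif` makes whatever statement follows the block become its else branch only when LOGIN_CAP is defined, which is fragile and easy to break on later edits; write the guard as a self-contained statement with no `else`, e.g. `if (ruid && !chshell(login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell))) errx(1, "permission denied (shell).");`. The `ruid` test exempts root, which matches the description's scope of a mortal user su'ing to another mortal user; reading the real uid before the `#ifdef` keeps that intent visible regardless of the build option.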
     366a372
     > 
   Haven't tested if it still applies cleanly, but the idea stands.
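As an added example (not code from this PR or from FreeBSD's su(1)), a small audit that applies the rule the report asks for to a login.conf file: each class's effective `shell` capability, resolved through `tc=` links the way login(1) sees it, is checked against /etc/shells. The function names and the sample login.conf and shells data are constructed for the example.

```python
"""Audit login.conf(5) classes whose shell is not listed in /etc/shells.
Added example for PR bin/28223, not code from the PR or from FreeBSD's su(1);
all names and the sample data below are constructed for the example."""

# Capability syntax: ':'-separated fields, backslash continuation, tc= links.
SAMPLE_LOGIN_CONF = """\
default:\\
\t:umask=022:
lockout:\\
\t:shell=/usr/bin/false:\\
\t:tc=default:
staff:\\
\t:shell=/bin/tcsh:tc=default:
"""
SAMPLE_SHELLS = "# constructed /etc/shells\n/bin/sh\n/bin/csh\n/bin/tcsh\n"

def parse_login_conf(text):
    """Return {class: {cap: value}}; boolean caps map to True."""
    classes, record = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):              # record continues on next line
            record += line[:-1]
            continue
        fields = [f for f in (record + line).split(":") if f]
        record, caps = "", {}
        for key, sep, val in (f.partition("=") for f in fields[1:]):
            caps[key] = val if sep else True
        for alias in fields[0].split("|"):   # "a|b:" names one class twice
            classes[alias] = caps
    return classes

def effective_cap(classes, name, cap, seen=()):
    """Look cap up for a class, following tc= links as login_getcapstr() does."""
    caps = classes.get(name, {})
    if cap in caps or not isinstance(caps.get("tc"), str) or name in seen:
        return caps.get(cap)
    return effective_cap(classes, caps["tc"], cap, seen + (name,))

def unapproved_class_shells(login_conf_text, shells_text):
    """{class: shell} where the effective shell fails the /etc/shells test that
    chshell() applies to pwd->pw_shell; classes with no shell cap use pw_shell."""
    classes = parse_login_conf(login_conf_text)
    approved = {s.strip() for s in shells_text.splitlines()
                if s.strip() and not s.lstrip().startswith("#")}
    return {n: sh for n in classes
            if isinstance((sh := effective_cap(classes, n, "shell")), str) and sh not in approved}
```

A class that reaches a bad shell only through `tc=` is reported as well, which is the case sshd's login path rejects and su(1) here does not.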
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: remko 
State-Changed-When: Wed Mar 7 21:22:42 UTC 2007 
State-Changed-Why:  
Hi Mark (timewaster ;-)), is this still relevant to recent FreeBSD versions?


Responsible-Changed-From-To: freebsd-bugs->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Wed Mar 7 21:22:42 UTC 2007 
Responsible-Changed-Why:  
I will bring this PR to a good end for our timewaster.. :) 


http://www.freebsd.org/cgi/query-pr.cgi?pr=28223 

From: Mark Huizer <xaa@timewasters.nl>
To: bug-followup@FreeBSD.org,  xaa@dohd.org
Cc:  
Subject: Re: bin/28223: su doesn't look at login.conf all the time
Date: Wed, 07 Mar 2007 23:52:57 +0100

 Just tested it, and the situation hasn't changed.
 If I ssh to the user, it is locked out. If I su to the user, I get a shell
 without a problem.
 
 Mark
State-Changed-From-To: feedback->analyzed 
State-Changed-By: linimon 
State-Changed-When: Sat Mar 1 19:44:16 UTC 2008 
State-Changed-Why:  
Problem has still been confirmed to exist.

http://www.freebsd.org/cgi/query-pr.cgi?pr=28223 
State-Changed-From-To: analyzed->open 
State-Changed-By: eadler 
State-Changed-When: Sun Jul 1 15:59:37 UTC 2012 
State-Changed-Why:  
unowned PRs should not be in analyzed state 

http://www.freebsd.org/cgi/query-pr.cgi?pr=28223 
Responsible-Changed-From-To: remko->freebsd-bugs 
Responsible-Changed-By: remko 
Responsible-Changed-When: Thu Sep 27 07:03:51 UTC 2012 
Responsible-Changed-Why:  
Reassign to the pool; I have to admit that I will not be resolving this.

http://www.freebsd.org/cgi/query-pr.cgi?pr=28223 
>Unformatted:
