From nsmart@indigo.ie  Wed Jul  8 12:52:37 1998
Received: from indigo.ie (nsmart@ts01-54.waterford.indigo.ie [194.125.139.117])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA19271
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 8 Jul 1998 12:52:32 -0700 (PDT)
          (envelope-from nsmart@indigo.ie)
Received: (from nsmart@localhost)
	by indigo.ie (8.8.8/8.8.7) id UAA01556;
	Wed, 8 Jul 1998 20:48:12 +0100 (IST)
	(envelope-from nsmart)
Message-Id: <199807081948.UAA01556@indigo.ie>
Date: Wed, 8 Jul 1998 20:48:12 +0100 (IST)
From: rotel@indigo.ie
Reply-To: rotel@indigo.ie
To: FreeBSD-gnats-submit@freebsd.org
Subject: /etc/security does not detect uid 0 correctly
X-Send-Pr-Version: 3.2

>Number:         7218
>Category:       bin
>Synopsis:       /etc/security does not detect uid 0 correctly
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul  8 13:00:01 PDT 1998
>Closed-Date:    Wed Jul 8 15:43:08 PDT 1998
>Last-Modified:  Wed Jul  8 15:44:57 PDT 1998
>Originator:     Niall Smart
>Release:        FreeBSD 2.2.6-STABLE i386
>Organization:
>Environment:

>Description:

Michal Listos <mcl@Amnesiac.123.org> originally submitted this.

The /etc/security script does not detect uid's of zero correctly
because it uses a string mode comparison thus new root users with
the uid specified as "00" will not be detected.  Doh.

OpenBSD's /etc/security looks very complete if anyone fancies
merging some of their good ideas.

>How-To-Repeat:

>Fix:

*** security~    Sat Jun 27 12:13:59 1998
--- security       Wed Jul  8 20:38:28 1998
***************
*** 52,54 ****
  echo "checking for uids of 0:"
! awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
  
--- 52,54 ----
  echo "checking for uids of 0:"
! awk -F: '$3 == 0 {print $1,$3}' /etc/master.passwd


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Wed Jul 8 15:43:08 PDT 1998 
State-Changed-Why:  
Fixed in rev 1.25 (-current) and rev 1.16.2.6 (2.2.6-STABLE). 
>Unformatted:
