[Pkg-shadow-devel] patch for su - 2

Tomasz Kłoczko kloczek@zie.pg.gda.pl
Sat, 4 Jun 2005 19:58:06 +0200 (CEST)


On Sat, 4 Jun 2005, Alexander Gattin wrote:

> Hi!!
>
> On Fri, Jun 03, 2005 at 01:24:41AM +0200, Nicolas François wrote:
> > UID 0 is not necessarily named root.
>
> Yes!
>
> > This patch retrieves the username of the user with UID 0.
>
> But which one (root, sashroot, toor?) ;) if there are
> several usernames with uid == 0?
>
> // answer is probably: "the 1st one" :)
>
> > Goal: don't assume uid 0 == "root", use getpwuid to fetch it
> > Fixes: #81924
>
> As for bug #81924 -- this patch suffices. In general,
> su manpage should clearly state that `su` or `su -`
> switches to first username that has zero uid.
>
> Tomasz, Nicolas -- what do you think about it?

This shows some kind of top of the iceberg :>

Yes .. shadow must be adapted for systems where admin privileges
are not concentrated in the account with UID=0.
This IMO needs some template solution which will consist of two parts:

1) detecting whether we are on a system with classic administration, where
   the admin account is the account with UID=0,

2) depending on 1), handling the case in the classic way or not.

So IMO this patch is still incomplete.
Some of the above parts are now implemented in SELINUX conditions.

kloczek
-- 
-----------------------------------------------------------
*People do not have problems, they only create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
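
The ambiguity raised in the thread (several login names sharing UID 0, with a lookup returning only one of them), as an added example that is not part of the original message or of the shadow code. It assumes a flat passwd(5)-format database searched first-match, as the thread guesses; `uid_names` and the sample entries are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in passwd(5) format; not taken from any real system. */
static const char SAMPLE_PASSWD[] =
    "toor:x:0:0:alt admin:/root:/bin/sh\n"
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "sashroot:x:0:0:rescue shell:/root:/bin/sash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";

/* Count entries with UID `uid`; copy the first matching login name into
 * `first`, modelling a lookup that stops at the first match (assumption). */
static int uid_names(const char *db, long uid, char *first, size_t cap)
{
    int matches = 0;
    if (cap) first[0] = '\0';
    for (const char *line = db; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *c1 = memchr(line, ':', len);   /* end of login name */
        const char *c2 = c1 ? memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - line)) : NULL;
        /* UID field must start with a digit, so empty or signed fields are skipped */
        if (c2 && c1 > line && isdigit((unsigned char)c2[1])) {
            char *end;
            long v = strtol(c2 + 1, &end, 10);
            if (*end == ':' && v == uid) {
                if (matches++ == 0 && cap) {
                    size_t n = (size_t)(c1 - line);
                    if (n >= cap) n = cap - 1;
                    memcpy(first, line, n);
                    first[n] = '\0';
                }
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return matches;
}

int main(void)
{
    char name[64];
    int n = uid_names(SAMPLE_PASSWD, 0, name, sizeof name);
    printf("first UID 0 name: %s, UID 0 entries: %d\n", name, n);
    return n > 1; /* non-zero exit flags an ambiguous superuser name */
}
```

On the constructed sample the first UID 0 name is `toor`, not `root`, and the non-zero exit status marks the database as having more than one superuser login name.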