Package: libpam-runtime
Version: 0.79-3
Severity: important

Even if the goal of the pam_wheel module is to (quoting the docs) "only
permit root access to members of the wheel (gid=0) group", actually it
prevents non-wheel-group users to become *any* other user, not only
root.

My /etc/pam.d/su is:
----------------------------------------
auth       sufficient pam_rootok.so
auth       requisite  pam_wheel.so group=staff trust
...
----------------------------------------

Sample transcript:
----------------------------------------
mfc ~: id
uid=1000(mfc) gid=1000(mfc)
gruppi=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44
(video),50(staff),1000(mfc) mfc ~: su lale
Password:
lale /home/mfc: id
uid=1001(lale) gid=1001(lale) gruppi=1001(lale)
lale /home/mfc: su
su: Permission denied
Spiacente.
lale /home/mfc: su lucky
su: Permission denied
Spiacente.
lale /home/mfc:
----------------------------------------

As you can see, user "lale" who is not in the "staf" group, cannot su to
root (as intended), but cannot even su to user "lucky"!

Bye
        Matteo



-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to