diff -cprN sh-utils-2.0.11.orig/src/Makefile.am sh-utils-2.0.11/src/Makefile.am
*** sh-utils-2.0.11.orig/src/Makefile.am Wed Feb 13 17:09:18 2002
--- sh-utils-2.0.11/src/Makefile.am Wed Feb 13 17:09:51 2002
*************** sleep_DEPENDENCIES = $(LDADD)
*** 44,50 ****
uptime_LDADD = $(LDADD) @GETLOADAVG_LIBS@
uptime_DEPENDENCIES = $(LDADD)
! su_LDADD = $(LDADD) @LIB_CRYPT@ @LIB_PAM@
su_DEPENDENCIES = $(LDADD)
$(PROGRAMS): ../lib/libfetish.a
--- 44,50 ----
uptime_LDADD = $(LDADD) @GETLOADAVG_LIBS@
uptime_DEPENDENCIES = $(LDADD)
! su_LDADD = $(LDADD) @LIB_CRYPT@ @LIB_PAM@ -lvsd
su_DEPENDENCIES = $(LDADD)
$(PROGRAMS): ../lib/libfetish.a
diff -cprN sh-utils-2.0.11.orig/src/Makefile.in sh-utils-2.0.11/src/Makefile.in
*** sh-utils-2.0.11.orig/src/Makefile.in Sun Oct 29 07:58:42 2000
--- sh-utils-2.0.11/src/Makefile.in Wed Feb 13 17:11:58 2002
*************** PROGRAMS = $(bin_PROGRAMS) *** 190,196 **** CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ ! LIBS = @LIBS@ ANSI2KNR = @ANSI2KNR@ basename_SOURCES = basename.c basename_OBJECTS = basename$U.o --- 190,196 ---- CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ ! LIBS = @LIBS@ -lvsd ANSI2KNR = @ANSI2KNR@ basename_SOURCES = basename.c basename_OBJECTS = basename$U.o
diff -cprN sh-utils-2.0.11.orig/src/su.c sh-utils-2.0.11/src/su.c
*** sh-utils-2.0.11.orig/src/su.c Wed Feb 13 17:09:18 2002
--- sh-utils-2.0.11/src/su.c Wed Feb 13 17:09:51 2002
*************** *** 102,107 **** --- 102,109 ---- #include "system.h" #include "closeout.h" + #include + #undef getusershell #if HAVE_SYSLOG_H && HAVE_SYSLOG
***************
*** 166,172 ****
#define DEFAULT_SHELL "/bin/sh"
/* The user to become if none is specified. */
! #define DEFAULT_USER "root"
#ifndef USE_PAM
char *crypt ();
--- 168,174 ----
#define DEFAULT_SHELL "/bin/sh"
/* The user to become if none is specified. */
! #define DEFAULT_USER "admin"
#ifndef USE_PAM
char *crypt ();
*************** correct_password (const struct passwd *p
*** 323,329 ****
* are created later with pam_setcred().
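Review bot: `-lvsd` is hard-coded into `su_LDADD` with no configure-time check, unlike the neighbouring `@LIB_CRYPT@` and `@LIB_PAM@` substitutions, so the link step fails wherever the library is absent. The companion edit to the generated Makefile.in puts `-lvsd` into the global `LIBS`, which presumably links it into every program built from this directory rather than only su, and the edit is lost when the file is regenerated. A substituted variable would keep the dependency scoped to the one setuid binary that needs it, e.g. `su_LDADD = $(LDADD) @LIB_CRYPT@ @LIB_PAM@ @LIB_VSD@` (`@LIB_VSD@` is a placeholder name), with the `LIBS` change dropped.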
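Review bot: `DEFAULT_USER` becomes a hard-coded account name that the patch assumes exists on every host; presumably a bare `su` now fails in main with "user %s does not exist" wherever no `admin` entry is defined. The comment above the macro is unchanged and does not say why the default is no longer the superuser, so something like `/* The user to become if none is specified; uid 0 is refused as a target in main. */` would record the intent. Wrapping the definition in `#ifndef DEFAULT_USER` would let a packager override the name without editing the source.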
*/
retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
PAM_BAIL_P;
! if (getuid () == 0)
return 1;
if (!isatty(0)) {
--- 325,331 ----
* are created later with pam_setcred().
*/
retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
PAM_BAIL_P;
! if (getuid () == 0 || vsd_admin_user (getuid ()))
return 1;
if (!isatty(0)) {
*************** correct_password (const struct passwd *p
*** 356,362 ****
#endif
correct = pw->pw_passwd;
! if (getuid () == 0 || correct == 0 || correct[0] == '\0')
return 1;
unencrypted = getpass (_("Password:"));
--- 358,365 ----
#endif
correct = pw->pw_passwd;
! if (getuid () == 0 || correct == 0 || correct[0] == '\0'
! || vsd_admin_user (getuid ()))
return 1;
unencrypted = getpass (_("Password:"));
*************** main (int argc, char **argv)
*** 708,713 ****
--- 711,718 ----
pw = getpwnam (new_user);
if (pw == 0)
error (1, 0, _("user %s does not exist"), new_user);
+ if (! vsd_validate_user_uid (pw->pw_uid) || pw->pw_uid == 0)
+ error (1, 0, _("cannot su to %s"), pw->pw_name);
endpwent ();
/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
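Review bot: `vsd_admin_user (getuid ())` is used as a bare truth value to skip authentication, so any non-zero return grants the password-less path that was previously reserved for uid 0. If the library can return a negative error code, this would be a fail-open result, so the test should compare against the documented success value (the function's contract is not visible on this page). The non-PAM branch of correct_password makes the same test, and main's `! vsd_validate_user_uid (pw->pw_uid)` has the mirror-image problem. Neither branch documents or logs the bypass; a comment such as `/* VSD admin users skip the password prompt; main restricts the target (never uid 0). */` plus a syslog entry on this path would state the trust boundary and make its use auditable. correct_password begins and ends outside these hunks.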
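Review bot: A denied target leaves through `error ()` with no syslog record visible in this hunk, so refused attempts to reach uid 0 or an account the library rejects are not auditable from here; logging the refusal before exiting would close that gap. The uid-0 test is also evaluated only after the library call; putting the local test first keeps that refusal independent of libvsd: `if (pw->pw_uid == 0 || ! vsd_validate_user_uid (pw->pw_uid))`. As written, uid 0 is refused as a target for every caller, root included, which deserves a one-line comment if it is intended. main's body continues outside the hunk.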