From owner-doc-jp-work@jp.FreeBSD.org Tue May 21 23:17:05 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g4LEH5t97170;
	Tue, 21 May 2002 23:17:05 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from ai (m144-001.tokyu-net.catv.ne.jp [210.148.144.1])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g4LEH3v97165;
	Tue, 21 May 2002 23:17:03 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: from localhost (localhost [127.0.0.1])
	by  ai (8.12.3/8.12.3) with ESMTP id g4LDkbW0094897;
	Tue, 21 May 2002 22:46:38 +0900 (JST)
Date: Tue, 21 May 2002 22:46:36 +0900 (JST)
Message-Id: <20020521.224636.85406910.y-koga@jp.FreeBSD.org>
To: doc-jp-work@jp.FreeBSD.org
From: Koga Youichirou <y-koga@jp.FreeBSD.org>
In-Reply-To: <20020521.020826.41633083.hrs@eos.ocn.ne.jp>
References: <200205201608.g4KG82m23915@freefall.freebsd.org>
	<20020521.020826.41633083.hrs@eos.ocn.ne.jp>
X-Mailer: Mew version 3.0.55 on Emacs 21.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020417
X-Sequence: doc-jp-work 368
Subject: [doc-jp-work 368] Re: FreeBSD Security Advisory
 FreeBSD-SA-02:24.k5su
Errors-To: owner-doc-jp-work@jp.FreeBSD.org
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: y-koga@jp.FreeBSD.org

Hiroki Sato <hrs@eos.ocn.ne.jp>:
>  $B$H$j$"$($:(B 1 $B8DL\!#(B

$BAGAa$$!#(B

> FreeBSD-SA-02:24.k5su                                       Security Advisory
- snip -
> I.   $BGX7J(B - Background
> 
> The k5su utility is a SU utility similar to su(1), and is used to
> switch privileges after authentication using Kerberos 5 or the local
> passwd(5) file.
> k5su $B%f!<%F%#%j%F%#$O(B su(1) $B$K;w$?(B SU $B%f!<%F%#%j%F%#$N0l$D$G!"(BKerberos 5 $B$d(B
> $B%m!<%+%k$N(B passwd(5) $B$K$h$kG'>Z8e$K%f!<%68"8B$r@Z$jBX$($k$?$a$K;H$o$l$^$9!#(B

Kerberos 5 $B$d%m!<%+%k$N(B passwd(5) $B%U%!%$%k$r;HMQ$7$?G'>Z8e$K!D(B

> Neither of
> these are default settings.
> $B$?$@$7!"$3$l$i$O$$$:$l$bI8=`$G$O$"$j$^$;$s(B ($BLuCm(B: $BI8=`$G$O(B krb5 $BG[I[J*$O(B
> $B%$%s%9%H!<%k$5$l$:!"(BMAKE_KERBEROS5 $B$b@_Dj$5$l$F$$$^$;$s(B)$B!#(B

> As of the correction date, FreeBSD (including the
> upcoming 4.6-RELEASE) will install k5su if requested, but the
> set-user-ID bit will not be enabled by default.
> $B=$@5F|0J9_$N(B FreeBSD ($B%j%j!<%9$,(B
> $BM=Dj$5$l$F$$$k(B 4.6-RELEASE $B$r4^$`(B) $B$G(B k5su $B$N%$%s%9%H!<%k$r(B
> $B9T$J$C$?>l9g!"I8=`$G$O(B set-user-ID $B%S%C%H$,M-8z$K$J$j$^$;$s!#(B

default $B$rI8=`$HLu$9$N$O$A$g$C$H7y$@$J!#(B
----
$B$3$,$h$&$$$A$m$&(B
