
ksu: Remove ENABLE_SUID_K5SU
AbandonedPublic

Authored by cy on Sep 9 2025, 4:50 PM.

Details

Reviewers
des
ivy
emaste
delphij
Group Reviewers
krb5
Summary

ksu without setuid is useless. This affects binary-only (traditional
install and pkgbase) users.

Reported by: Dan Mahoney <dmahoney@isc.org>
MFC after: 3 days
MFC to: 15/stable

Test Plan

Running here.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 66932
Build 63815: arc lint + arc unit

Event Timeline

cy requested review of this revision. Sep 9 2025, 4:50 PM
cy added reviewers: des, ivy, emaste, delphij.

can we just remove this entirely in favour of su(1) with pam_ksu(8)? i believe this provides the same functionality, with the benefit of removing a setuid executable and allowing the user to easily configure whether they want this enabled or not.

otherwise, we're adding another unconfigurable setuid executable to the base system, which is not ideal from a security standpoint.

In D52463#1198005, @ivy wrote:

can we just remove this entirely in favour of su(1) with pam_ksu(8)? i believe this provides the same functionality, with the benefit of removing a setuid executable and allowing the user to easily configure whether they want this enabled or not.

otherwise, we're adding another unconfigurable setuid executable to the base system, which is not ideal from a security standpoint.

No. Because ksu is,

a) Provided by Kerberos (MIT and Heimdal). Any users and scripts that expect the file to be there must now be FreeBSD-ized.

b) ksu is a different application than su.

c) su(1) never did work with Kerberos.

Dan Mahoney <dmahoney@isc.org> has notified me they use a Puppet script to chmod ksu. As long as people know to do this, fine by me.