[Pkg-shadow-devel] Bug#288827: Debian bug 288827 : su ignores signals inconsistently

Christian Perrier <bubulle@debian.org>, 288827@bugs.debian.org
Mon, 20 Jun 2005 23:40:33 +0200


From the bug reporter:

=====================================
su cannot be terminated by pressing ctrl+c (sending a SIGINT to the
process).  It appears this change was made about 4 years ago in response
to bug #52372.  There it was suggested that being able to terminate su was
a security issue.  This is a weak claim at best since the ability to su
can be restricted to certain users and even with only one login, a user
can run many instances of su concurrently.

However, my main point is that su does not ignore SIGQUIT and thus can be
terminated immediately by pressing ctrl+\ .  Other signals probably will
terminate su as well.  My suggestion is to revert the changes that ignore
SIGINT during authentication.  I suspect that this will be a simple change
to reverse, but if you wish, I will gladly submit a patch for this.

I am using the unstable distribution (sid) of Debian GNU/Linux.  I suspect
that this issue is present in other versions as well.

This issue also exists in login version 4.0.3-30.4 using the testing
distribution of Debian GNU/Linux.
=====================================


This is done in 008_su_ignore_SIGINT

Nicolas, could we also have su ignore SIGQUIT the same way?

Would it be worth implementing upstream (both signals ignored) or is
this too Debian specific?



--