[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl

Nicolas François nicolas.francois at centraliens.net
Sat Jun 4 17:58:03 UTC 2011


Here is a patch proposal. It forwards the right signal to the child also
supports SIGTSTP.

I would appreciate if this could be reviewed by somebody more confident
with signal processing than me.

I expect sudo to have the same issue.

Also sg probably has the same issue (i.e. it cannot be used to drop group
privileges). I will look at it.

Other utils to switch user or group might also be affected.
(Anybody got a list and could try?)

Best Regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: su_628843.patch
Type: text/x-diff
Size: 3591 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20110604/4f4c6c9c/attachment.patch>

More information about the Pkg-shadow-devel mailing list