[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
nicolas.francois at centraliens.net
Sat Jun 4 17:58:03 UTC 2011
Here is a patch proposal. It forwards the right signal to the child also
I would appreciate if this could be reviewed by somebody more confident
with signal processing than me.
I expect sudo to have the same issue.
Also sg probably has the same issue (i.e. it cannot be used to drop group
privileges). I will look at it.
Other utils to switch user or group might also be affected.
(Anybody got a list and could try?)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3591 bytes
Desc: not available
More information about the Pkg-shadow-devel