[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
Nicolas François
nicolas.francois at centraliens.net
Sat Jun 4 17:58:03 UTC 2011
Hello,
Here is a patch proposal. It forwards the right signal to the child also
supports SIGTSTP.
I would appreciate if this could be reviewed by somebody more confident
with signal processing than me.
I expect sudo to have the same issue.
Also sg probably has the same issue (i.e. it cannot be used to drop group
privileges). I will look at it.
Other utils to switch user or group might also be affected.
(Anybody got a list and could try?)
Best Regards,
--
Nekral
-------------- next part --------------
A non-text attachment was scrubbed...
Name: su_628843.patch
Type: text/x-diff
Size: 3591 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20110604/4f4c6c9c/attachment.patch>
More information about the Pkg-shadow-devel
mailing list