[Pkg-shadow-devel] Bug#628843: (forw) Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl

Thijs Kinkhorst thijs at debian.org
Thu Jun 9 19:53:43 UTC 2011

Op donderdag 02 juni 2011 07:34:59 schreef Christian PERRIER:
> Security team, I need advice and help here. My co-maintainer for
> shadow, Nicolas, is more or less MIA, so I'm left nearly alone to
> maintain shadow. As Nicolas was also upstream, you understand how
> desperate is my situation..:-)
> (maybe this bug will ring a bell for Nicolas, still)
> My expertise is, as you may expect, way outreached. So, in short, what
> I need is someone with enough expertise to look at this bug report and
> help deciding if adopting Redhat's patch is correct (assuming it
> applies: I'm not sure that RH is using the same "su" than we do).
> Mail CC'ed to submitter, too, so that Daniel also knows that the only
> person who answers....needs help..:-)

Hi Christian,

I'm just mailing to confirm that we did record the issue in our tracker and to 
point out that this issue is currently also discueed on oss-security:


More information about the Pkg-shadow-devel mailing list