[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
Fabien C.
v72vogpjiqt4b5j at jetable.org
Sun Mar 3 20:10:20 UTC 2013
Hello,
I think Ismaël has a point here:
> I'm bumping this bug to point out that the problem is not 100% fixed.
> Even though "su -c" is now safe, interactive "su" or "su -" are still at
> risk and this should probably be reflected here on the BTS.
I successfully used this on my up-to-date Squeeze system.
However, one can use the following workaround to avoid giving root access:
# exec su baduser
However this is still problematic:
niceguy$ su
root$ exec su badguy
badguy$ ./exploit.pl
=> the command is still launched by niceguy.
Not sure if a "good" solution exists...
Fabien C.
More information about the Pkg-shadow-devel
mailing list