[Pkg-shadow-devel] Bug#663200: Bug#659878: cannot set terminal process group (-1): Inappropriate ioctl for device
Tim Connors
reportbug at rather.puzzling.org
Fri May 10 06:40:16 UTC 2013
On Fri, 10 May 2013, Tim Connors wrote:
> Actually, the other thing you lose (I presuming caused by acting on bug
> #628843) is tty resizing by SIGWINCH. ttys are really useful, it turns
> out.
>
> I have shedloads of up-to-date security patched RHEL5/6 machines, and I've
> never come across this problem on them. Yep:
> rhel6> su -c -u root 'cat /dev/tty'
> Password:
> asdasda
> asdasda
> debian-wheezy> su -c -u root 'cat /dev/tty'
> Password:
> cat: /dev/tty: No such device or address
>
> Sorry, marking this bug as RC (pity I missed wheezy!), breaks other
> software.
As per some comments in #628843, the way this bug was addressed breaks su
-c to increase privledges. It also breaks su -c to become a user and
execute something interactive. Root isn't going to be doing stupid things
and running scripts that have been compromised (if they are, then they've
got bigger problems), so what's the problem? (why on earth would root ever
su to an untrusted user account?) I think this change should just be
backed out, and a prominent warning about the tty exploit placed in the
manpage.
--
Tim Connors
More information about the Pkg-shadow-devel
mailing list