[Pkg-shadow-devel] Bug#663200: Bug#628843: Bug#659878: cannot set terminal process group (-1): Inappropriate ioctl for device

Wolfgang Zarre lkdev at essax.com
Fri May 10 10:24:10 UTC 2013


For information: at present I have a bit more time left for testing and
reworking the patch I sent with #141, which has some smaller issues with
signalling, mostly SIGSTOP and SIGCONT, and I hope that I can submit the
rework during this weekend.

@Serge
I'm sorry, but I couldn't reproduce the behaviour you reported in
#146, and therefore I would like to ask whether you could provide me
with the checksums as in the .dsc file, whether you run on 32-bit or
64-bit, and whether you have USE_PAM enabled or not.

Maybe I might be able to improve the patch or to fix that issue.


>> Actually, the other thing you lose (I'm presuming caused by acting on bug
>> #628843) is tty resizing by SIGWINCH.  ttys are really useful, it turns
>> out.
>>

No, this clearly comes from the tcsetpgrp() call inside bash returning -1 with
errno set to ENOTTY because of the missing controlling tty.


> 
> As per some comments in #628843, the way this bug was addressed breaks su
> -c to increase privileges.  It also breaks su -c to become a user and
> execute something interactive.  Root isn't going to be doing stupid things
> and running scripts that have been compromised (if they are, then they've
> got bigger problems), so what's the problem? (why on earth would root ever
> su to an untrusted user account?) I think this change should just be
> backed out, and a prominent warning about the tty exploit placed in the
> manpage.
> 

But this would be fixed with the patch in #141 without having any restrictions.

However, I don't agree with the statement that 'root' would never su to an
untrusted user account. Besides, from an administrator's point of view every
user account is 'untrusted', and in fact it happens quite often that 'root'
su's to non-privileged users, besides using a lot of starting and maintenance
scripts which invoke su.

IMHO it is better to fix what is fixable to improve quality and safety instead
of making workarounds and warnings.


Best regards
Wolf
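
The tcsetpgrp() failure described in the message above, as an added illustration that is not part of the original message or of the patch in #141: a process in a fresh session gets ENOTTY on a real tty until that tty is its controlling terminal. Linux-only; the helper name `try_tcsetpgrp` and the scratch pty opened via /dev/ptmx are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* In a child that has called setsid() (so it has no controlling tty),
 * call tcsetpgrp() on a freshly created pty slave.
 * adopt_ctty != 0: first make that slave the child's controlling tty.
 * Returns 0 on success, the errno from tcsetpgrp(), or -1 on setup failure. */
int try_tcsetpgrp(int adopt_ctty)
{
    char slave_name[32];
    unsigned int ptn;
    int unlock = 0, status;
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);

    if (master < 0)
        return -1;
    if (ioctl(master, TIOCSPTLCK, &unlock) < 0 || ioctl(master, TIOCGPTN, &ptn) < 0) {
        close(master);
        return -1;
    }
    snprintf(slave_name, sizeof slave_name, "/dev/pts/%u", ptn);

    pid_t pid = fork();
    if (pid == 0) {
        /* New session: the child is session leader with no controlling tty. */
        if (setsid() < 0)
            _exit(255);
        int slave = open(slave_name, O_RDWR | O_NOCTTY);
        if (slave < 0 || (adopt_ctty && ioctl(slave, TIOCSCTTY, 0) < 0))
            _exit(255);
        /* What a job-control shell does at startup: claim the foreground. */
        _exit(tcsetpgrp(slave, getpgrp()) == 0 ? 0 : errno);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) { close(master); return -1; }
    close(master);
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("no controlling tty: errno %d (ENOTTY is %d)\n", try_tcsetpgrp(0), ENOTTY);
    printf("slave adopted as controlling tty: %d\n", try_tcsetpgrp(1));
    return 0;
}
```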


