found 1:4.1.5.1-1
This problem still exists in Wheezy.
--
Ismaël RUAU
Hello,
I think Ismaël has a point here:
> I'm bumping this bug to point out that the problem is not 100% fixed.
> Even though "su -c" is now safe, interactive "su" or "su -" are still at
> risk and this should probably be reflected here on the BTS.
I successfully used this on my up-to-date Squ
Hello,
I'm bumping this bug to point out that the problem is not 100% fixed.
Even though "su -c" is now safe, interactive "su" or "su -" are still at
risk and this should probably be reflected here on the BTS.
Unfortunately I don't see any way to fix this without removing the
controlling terminal
Hello,
One more point to be reviewed.
shadow-utils supports also configurations where PAM is not used.
In that case, su does not fork to exec the interactive shell / command, so
I cannot use setsid().
In that case, I intend to use:
#include
#include
#include
#include
#include
int f
Quoting Thijs Kinkhorst (th...@debian.org):
> Hi Christian,
>
> I'm just mailing to confirm that we did record the issue in our tracker and
> to
> point out that this issue is currently also discussed on oss-security:
> http://thread.gmane.org/gmane.comp.security.oss.general/5172
Thanks, Thijs,
On Thursday 02 June 2011 07:34:59, Christian PERRIER wrote:
> Security team, I need advice and help here. My co-maintainer for
> shadow, Nicolas, is more or less MIA, so I'm left nearly alone to
> maintain shadow. As Nicolas was also upstream, you understand how
> desperate is my situation..:-)
>
Hello,
Here is a patch proposal. It forwards the right signal to the child and also
supports SIGTSTP.
I would appreciate if this could be reviewed by somebody more confident
with signal processing than me.
I expect sudo to have the same issue.
Also sg probably has the same issue (i.e. it cannot be
On Thu, Jun 02, 2011 at 07:34:59AM +0200, Christian PERRIER wrote:
> My expertise is, as you may expect, way outreached. So, in short, what
> I need is someone with enough expertise to look at this bug report and
> help deciding if adopting Redhat's patch is correct (assuming it
> applies: I'm not
Processing commands for cont...@bugs.debian.org:
> tags 628843 help security
Bug #628843 [login] login: tty hijacking possible in "su" via TIOCSTI ioctl
Added tag(s) security and help.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
628843: http://bugs.debian.org/
-devel] Bug#628843: login: tty hijacking possible in "su"
via TIOCSTI ioctl
Reply-To: Daniel Ruoso , 628...@bugs.debian.org
Package: login
Version: 1:4.1.4.2+svn3283-2+squeeze1
Severity: critical
After investigating why RedHat have a different behavior rega
Package: login
Version: 1:4.1.4.2+svn3283-2+squeeze1
Severity: critical
After investigating why RedHat have a different behavior regarding "su -c" I
found out that there was a patch in RedHat to prevent tty hijacking when using
"su -c".
What makes the hijacking possible is that "su -c" still give