https://bugzilla.novell.com/show_bug.cgi?id=716973
https://bugzilla.novell.com/show_bug.cgi?id=716973#c4
--- Comment #4 from Robert Dahlem 2011-09-09 17:11:14 UTC ---
The issue to be avoided was "When starting a program via 'su - user -c program'
the user session can escape to the parent session by using the TIOCSTI ioctl to
push characters into the input buffer. This allows for example a non-root
session to push 'chmod 666 /etc/shadow' or similarly bad commands into the
input buffer such that after the end of the session they are executed". The
corresponding Red Hat bug is https://bugzilla.redhat.com/show_bug.cgi?id=479145
.
In coreutils this is unsolved since at least 2004. The GNU people seem not to
regard this as a pressing issue.
The quick and dirty solution was setsid(). I'm obviously bitten by the dirty
part, "expected fallout" as Ludwig calls it. :-)
Instead of an su wrapper I extracted su.c from the source package and left out
setsid.patch.
Anyway: this bug is not about my local workaround but an openSUSE patch that
breaks functionality (and if I may say: a lot of functionality). Same issue in
SLES11 SP1 btw.
Today there is no way within the openSUSE world to get around the loss of
functionality but uninstalling the update patch and probably falling back to
some other issues which have been patched since then.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.