oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl

From: "Bernhard Rosenkraenzer" <bero () arklinux ch>
Date: Fri, 10 Jun 2011 12:56:58 +0200
On Friday, June 10, 2011 11:55 CEST, Ludwig Nussel <ludwig.nussel () suse de> wrote: 
 

The issue also reminds me that there are several su implemenations.
On Fedora and SUSE we have a patched coreutils version, Debian uses
the one from shadow-utils and then there's also a su from
SimplePAMApps, used by e.g. Owl. Of course each one has it's own
quirks and weird features. Does anyone still remember why a
particular implementation was chosen? :-)



In Ark Linux, we switched from the coreutils one to the shadow-utils one about 2 years ago because the shadow-utils one 
does what we need (incl. PAM support) without having to port the PAM patch on every new coreutils release.

ttyl
bero
Previous By Date Next
Previous By Thread Next

Current thread: