oss-sec mailing list archives
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl)
From: Nicolas François <nicolas.francois () centraliens net>
Date: Wed, 15 Jun 2011 23:49:06 +0200
Hello, On Wed, Jun 15, 2011 at 09:49:20AM +0200, Ludwig Nussel wrote:
Is there actually any serious distro that doesn't use PAM though? Those #ifdefs to keep old shadow compatibility makes the code rather ugly and hard to read. Maybe it's time to just rip out the old code and submit a clean, PAM only su to util-linux.
I still receive bug reports for shadow-utils for the non-PAM variant. (bug I don't remember if these bugs were reported for su). In my case, I would prefer to keep the su non-PAM variant as long as I would support non-PAM variants for the other tools (or as long as I support su). Regarding distros without PAM, there might be gentoo to be counted in the list (although PAM is enabled by default). Kind Regards, -- Nekral
Current thread:
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl, (continued)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl daniel () ruoso com (Jun 06)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Josh Bressers (Jun 08)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 09)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl daniel () ruoso com (Jun 06)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 10)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Bernhard Rosenkraenzer (Jun 10)
- Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Ludwig Nussel (Jun 15)
- Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Luka Marinko (Jun 15)
- Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Ondrej Vasik (Jun 15)
- Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Nicolas François (Jun 15)
- Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Karel Zak (Jun 20)
- Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Nicolas François (Jun 15)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Bernhard Rosenkraenzer (Jun 10)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Josh Bressers (Jun 21)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 22)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Todd C. Miller (Jun 22)
- Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 28)