oss-sec mailing list archives
Re: Are `su user' and/or `sudo -u user sh' considered dangerous?
From: Georgi Guninski <guninski () guninski com>
Date: Wed, 13 Jun 2018 10:40:43 +0300
On Tue, Jun 12, 2018 at 01:38:36PM +0200, Jakub Wilk wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=173008 (CVE-2005-4890)
> It was last discussed on oss-security in 2017: http://seclists.org/oss-sec/2017/q2/412
Thanks. The Red Hat link is fixed in su in 2005. Is there a POC for relatively new distros? I couldn't make TIOCSTI work at all in Debian 8 and 9.