[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: su vulnerability on coreutils 6.9 (64-bit Linux)
From: |
Eric Blake |
Subject: |
Re: su vulnerability on coreutils 6.9 (64-bit Linux) |
Date: |
Thu, 25 Sep 2008 12:58:30 -0600 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080708 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Brian Biswas on 9/25/2008 9:18 AM:
> I have built the coreutils 6.9 package (the latest)
Actually, the latest is 6.12.
>
> % su
>
> I become root. No password asked!
There's more than one su implementation out there. Are you sure this is
coreutils' version? Besides, the coreutils version is not as popular
these days, and we are considering retiring it (at any rate, it is no
longer built by default in coreutils 6.12). At this point, you'd need to
strace the call to see which system calls are being used (or skipped).
- --
Don't work too hard, make some time for fun as well!
Eric Blake address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkjb31YACgkQ84KuGfSFAYC8DACfVku8C59MQ5h+1z+uQh5RUr/7
j2EAnR/xWAvAhSniR9ucuxftWm6neTx0
=hNyY
-----END PGP SIGNATURE-----