bug-coreutils

Re: su vulnerability on coreutils 6.9 (64-bit Linux)


From: Eric Blake
Subject: Re: su vulnerability on coreutils 6.9 (64-bit Linux)
Date: Thu, 25 Sep 2008 12:58:30 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080708 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666

According to Brian Biswas on 9/25/2008 9:18 AM:
> I have built the coreutils 6.9 package (the latest)

Actually, the latest is 6.12.

> 
> % su
> 
> I become root. No password asked!

There's more than one su implementation out there.  Are you sure this is
coreutils' version?  Besides, the coreutils version is not as popular
these days, and we are considering retiring it (at any rate, it is no
longer built by default in coreutils 6.12).  At this point, you'd need to
strace the call to see which system calls are being used (or skipped).

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
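
Added example (not part of the message above and not coreutils code): one way to read the strace output the reply asks for, reporting which binary ran and whether the calls around a password prompt were made or skipped. The function names, the "alice" account and the sample trace are constructed, and treating an open of /dev/tty as the prompt assumes a getpass()-style su.

```shell
#!/bin/sh
# Capture as root so the setuid bit is honoured while su still runs as the
# unprivileged user ("alice" is a placeholder account):
#   strace -u alice -f -o su.trace su

# seen REGEX FILE: print "yes" if any trace line matches, else "no".
seen() { if grep -Eq "$1" "$2"; then echo yes; else echo no; fi; }

# su_trace_summary FILE: one-line summary of the calls that matter.
su_trace_summary() {
    # First execve shows which su binary was actually run.
    exe=$(sed -n 's/^[0-9 ]*execve("\([^"]*\)".*/\1/p' "$1" | head -n 1)
    root=$(seen 'getuid(32)?\(\) += 0$' "$1")        # caller's real uid is 0
    shadow=$(seen 'open(at)?\(.*"/etc/shadow".*\) += [0-9]+$' "$1")
    tty=$(seen 'open(at)?\(.*"/dev/tty".*\) += [0-9]+$' "$1")  # prompt (assumed getpass)
    setuid0=$(seen 'setuid(32)?\(0\) += 0$' "$1")    # successful switch to uid 0
    if [ "$root" = yes ]; then verdict=caller-already-root
    elif [ "$setuid0" = yes ] && [ "$tty" = no ]; then verdict=root-without-prompt
    else verdict=prompted-or-denied
    fi
    echo "exec=$exe caller_root=$root shadow_read=$shadow tty_opened=$tty setuid0=$setuid0 verdict=$verdict"
}

# Constructed sample trace (not taken from the reporter's machine).
sample_trace() {
    cat <<'EOF'
4242  execve("/usr/local/bin/su", ["su"], [/* 20 vars */]) = 0
4242  getuid()                          = 1000
4242  open("/etc/passwd", O_RDONLY)     = 3
4242  open("/etc/shadow", O_RDONLY)     = 3
4242  setgid(0)                         = 0
4242  setuid(0)                         = 0
4242  execve("/bin/bash", ["bash"], [/* 20 vars */]) = 0
EOF
}

# Summarise the sample; replace "$t" with a real trace file to use it.
t=$(mktemp) && sample_trace > "$t" && su_trace_summary "$t"; rm -f "$t"
```

A verdict of root-without-prompt alongside shadow_read=yes points at the account data (for example the root password field) rather than at a skipped lookup, and the exec= path shows whether the traced su is the one that was built from coreutils.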



