|Subject:||bug#10010: "su" *should* check on SUID bit|
|Date:||Thu, 10 Nov 2011 08:38:09 +0100|
|User-agent:||Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111108 Thunderbird/8.0|
Good morning,just yesterday I stumbled across a little problem in su when I recursively fucked up the ownership of "/" on a colocated box..
Thereafter I could ssh into that box as an unprivileged user, but was unable to use sudo, because SETUID root was missing on it as sudo kindly told me. Aaand I was unable to su to root, due to an "invalid password", which was strange..
I thougt I knew the password and tried several permutations of it, but none worked, so I got my root's password reset by a local operator. Guess what: The box didn't want to "su" me to root with the new password either, but I could ssh into the box with address@hidden and the new password..
After some research I found out that "su" needs to be SUID to root as well, but it obviously does not check on this file property.
I therefore advise calling stat() before checking on the user's password and eventually throwing an error message.. ;)
Yours, MichaelPS: If my English sounds/reads somewhat broken... I'm no native speaker and tired as hell after a night of trying to fix that box...
|[Prev in Thread]||Current Thread||[Next in Thread]|