bug#10010: "su" *should* check on SUID bit

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#10010: "su" should check on SUID bit

From:	Michael Lenz
Subject:	bug#10010: "su" should check on SUID bit
Date:	Thu, 10 Nov 2011 08:38:09 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111108 Thunderbird/8.0

Good morning,

just yesterday I stumbled across a little problem in su when Irecursively fucked up the ownership of "/" on a colocated box..

Thereafter I could ssh into that box as an unprivileged user, but wasunable to use sudo, because SETUID root was missing on it as sudo kindlytold me.Aaand I was unable to su to root, due to an "invalid password", whichwas strange..

I thougt I knew the password and tried several permutations of it, butnone worked, so I got my root's password reset by a local operator.Guess what: The box didn't want to "su" me to root with the new passwordeither, but I could ssh into the box with address@hidden and the new password..

After some research I found out that "su" needs to be SUID to root aswell, but it obviously does not check on this file property.

I therefore advise calling stat() before checking on the user's passwordand eventually throwing an error message.. ;)



Yours,
Michael

PS: If my English sounds/reads somewhat broken... I'm no native speakerand tired as hell after a night of trying to fix that box...

[Prev in Thread]

Current Thread

[Next in Thread]

bug#10010: "su" *should* check on SUID bit, Michael Lenz <=
- bug#10010: "su" *should* check on SUID bit, Bob Proulx, 2011/11/10

Prev by Date: bug#9995: problem about sort -u -k
Next by Date: bug#10010: "su" *should* check on SUID bit
Previous by thread: bug#10003: DF command
Next by thread: bug#10010: "su" *should* check on SUID bit
Index(es):
- Date
- Thread