|
From: | Michael Lenz |
Subject: | bug#10010: "su" *should* check on SUID bit |
Date: | Thu, 10 Nov 2011 08:38:09 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111108 Thunderbird/8.0 |
Good morning,just yesterday I stumbled across a little problem in su when I recursively fucked up the ownership of "/" on a colocated box..
Thereafter I could ssh into that box as an unprivileged user, but was unable to use sudo, because SETUID root was missing on it as sudo kindly told me. Aaand I was unable to su to root, due to an "invalid password", which was strange..
I thougt I knew the password and tried several permutations of it, but none worked, so I got my root's password reset by a local operator. Guess what: The box didn't want to "su" me to root with the new password either, but I could ssh into the box with address@hidden and the new password..
After some research I found out that "su" needs to be SUID to root as well, but it obviously does not check on this file property.
I therefore advise calling stat() before checking on the user's password and eventually throwing an error message.. ;)
Yours, MichaelPS: If my English sounds/reads somewhat broken... I'm no native speaker and tired as hell after a night of trying to fix that box...
[Prev in Thread] | Current Thread | [Next in Thread] |