[Pkg-shadow-devel] TTY handling in su when executing code in lower-privileged context

halfdog me at halfdog.net
Sat Nov 10 17:09:36 UTC 2012



Dear developers,

Could you please check if the upstream su - variant can be abused to
trick an inexperienced administrator into assisting in local-root privilege
escalation (see [1]).

If yes, could you please add the following to the man page "CAVEATS" section?

"Using su to execute commands as an untrusted user from an interactive
shell may allow the untrusted user to escalate privileges to the user
running the shell."

hd

[1] http://www.halfdog.net/Security/2012/TtyPushbackPrivilegeEscalation/

-- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee


