mirror of
https://gitlab.com/mateslackbuilds/msb.git
synced 2025-01-01 06:19:53 +01:00
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
|
From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
|
||
|
|
From: mancha <mancha1@hush.com>
|
||
|
|
Date: Wed, 04 Dec 2013
|
||
|
|
Subject: restrict "su -c" only when callee is not root
|
||
|
|
|
||
|
|
Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
|
||
|
|
(CVE-2005-4890) by detaching the controlling terminal.
|
||
|
|
|
||
|
|
Omni-directional protection is excessive and breaks commonly-used
|
||
|
|
methods for privilege escalation. Breakage is particularly severe
|
||
|
|
on non-PAM systems.
|
||
|
|
|
||
|
|
This patch relaxes the restriction and only detaches the controlling
|
||
|
|
tty when the callee is not root. After all, we are not overly concerned
|
||
|
|
with root injecting commands to non-privileged users.
|
||
|
|
|
||
|
|
---
|
||
|
|
src/su.c | 4 ++--
|
||
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
--- a/src/su.c
|
||
|
|
+++ b/src/su.c
|
||
|
|
@@ -1076,10 +1076,10 @@ int main (int argc, char **argv)
|
||
|
|
|
||
|
|
set_environment (pw);
|
||
|
|
|
||
|
|
- if (!doshell) {
|
||
|
|
+ if (!doshell && pw->pw_uid != 0) {
|
||
|
|
/* There is no need for a controlling terminal.
|
||
|
|
* This avoids the callee to inject commands on
|
||
|
|
- * the caller's tty. */
|
||
|
|
+ * the caller's tty when the callee is not root. */
|
||
|
|
int err = -1;
|
||
|
|
|
||
|
|
#ifdef USE_PAM
|