From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001 From: mancha Date: Wed, 04 Dec 2013 Subject: restrict "su -c" only when callee is not root Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c" (CVE-2005-4890) by detaching the controlling terminal. Omni-directional protection is excessive and breaks commonly-used methods for privilege escalation. Breakage is particularly severe on non-PAM systems. This patch relaxes the restriction and only detaches the controlling tty when the callee is not root. After all, we are not overly concerned with root injecting commands to non-privileged users. --- src/su.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/src/su.c +++ b/src/su.c @@ -1076,10 +1076,10 @@ int main (int argc, char **argv) set_environment (pw); - if (!doshell) { + if (!doshell && pw->pw_uid != 0) { /* There is no need for a controlling terminal. * This avoids the callee to inject commands on - * the caller's tty. */ + * the caller's tty when the callee is not root. */ int err = -1; #ifdef USE_PAM
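Review bot: The new condition `if (!doshell && pw->pw_uid != 0)` keys the exemption to the target uid alone, so every `su -c` to a uid-0 account now keeps the caller's controlling terminal, whatever the root-run command does afterwards (for example, handing off to less-privileged code that inherits the tty). The updated comment only says "when the callee is not root" and does not record that trade-off; consider rewording it to something like "Detach so that a non-root callee cannot inject commands on the caller's tty; a root callee keeps the tty by design", which also fixes the awkward "avoids the callee to inject". The diffstat shows only src/su.c changing, so the user-visible difference in `su -c` behaviour between root and non-root targets is left undocumented; a matching documentation update belongs in the same patch.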