path: root/source/a/shadow/shadow.CVE-2005-4890.relax.diff
blob: 98425e16a59e46e5cc63e4f1ff66d9cf8b564e65 (plain) (tree)
From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Wed, 04 Dec 2013
Subject: restrict "su -c" only when callee is not root

Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
(CVE-2005-4890) by detaching the controlling terminal in the non-PAM
case via a TIOCNOTTY request.

Bi-directional protection is excessive and breaks a commonly-used
method for privilege escalation on non-PAM systems (e.g. xterm -e
/bin/su -s /bin/bash -c /bin/bash myscript).

This patch relaxes the restriction and only detaches the controlling
tty when the callee is not root (which is, after all, the threat vector).

---
 src/su.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/src/su.c
+++ b/src/su.c
@@ -1076,10 +1076,10 @@ int main (int argc, char **argv)
 
 	set_environment (pw);
 
-	if (!doshell) {
+	if (!doshell && pw->pw_uid != 0) {
 		/* There is no need for a controlling terminal.
 		 * This avoids the callee to inject commands on
-		 * the caller's tty. */
+		 * the caller's tty when the callee is not root. */
 		int err = -1;
 
 #ifdef USE_PAM
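Review bot: the hunk records the new root exception only in a source comment; since this narrows the CVE-2005-4890 fix, the user-facing documentation (su man page or changelog) should state that in the non-PAM build `su -c` to a root target no longer detaches the controlling tty. The guard `pw->pw_uid != 0` also assumes `pw` is the target (callee) user's entry, which the preceding `set_environment (pw);` suggests but the visible context does not prove; worth confirming before merge. A minor style point: the revised comment still reads "avoids the callee to inject", which could be tightened to "prevents the callee from injecting".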