Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
date: Fri, 10 Jun 2011 12:56:58 +0200
from: "Bernhard Rosenkraenzer" <bero@...linux.ch>
to: oss-security@...ts.openwall.com
Subject: Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl

On Friday, June 10, 2011 11:55 CEST, Ludwig Nussel <ludwig.nussel@...e.de> wrote: 
 
> The issue also reminds me that there are several su implemenations.
> On Fedora and SUSE we have a patched coreutils version, Debian uses
> the one from shadow-utils and then there's also a su from
> SimplePAMApps, used by e.g. Owl. Of course each one has it's own
> quirks and weird features. Does anyone still remember why a
> particular implementation was chosen? :-)


In Ark Linux, we switched from the coreutils one to the shadow-utils one about 2 years ago because the shadow-utils one does what we need (incl. PAM support) without having to port the PAM patch on every new coreutils release.

ttyl
bero

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.