Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jun 2018 10:40:43 +0300
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Re: Are `su user' and/or `sudo -u user sh' considered
 dangerous?

On Tue, Jun 12, 2018 at 01:38:36PM +0200, Jakub Wilk wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=173008 (CVE-2005-4890)
> 
> It was last discussed on oss-security in 2017:
> http://seclists.org/oss-sec/2017/q2/412
>
Thanks. The readhat link is fixed in su in 2005.
Is there POC for relatively new distros?
I couldn't make TIOCSTI work at all in debian 8 and 9.
 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ