date: Fri, 10 Jun 2011 12:56:58 +0200 from: "Bernhard Rosenkraenzer" <bero@...linux.ch> to: oss-security@...ts.openwall.com Subject: Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl On Friday, June 10, 2011 11:55 CEST, Ludwig Nussel <ludwig.nussel@...e.de> wrote: > The issue also reminds me that there are several su implemenations. > On Fedora and SUSE we have a patched coreutils version, Debian uses > the one from shadow-utils and then there's also a su from > SimplePAMApps, used by e.g. Owl. Of course each one has it's own > quirks and weird features. Does anyone still remember why a > particular implementation was chosen? :-) In Ark Linux, we switched from the coreutils one to the shadow-utils one about 2 years ago because the shadow-utils one does what we need (incl. PAM support) without having to port the PAM patch on every new coreutils release. ttyl bero
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.