[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
message-id: <5d43-4df1f880-27-199e2240@89295843>
date: Fri, 10 Jun 2011 12:56:58 +0200
from: "Bernhard Rosenkraenzer" <bero@...linux.ch>
to: oss-security@...ts.openwall.com
Subject: Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl
On Friday, June 10, 2011 11:55 CEST, Ludwig Nussel <ludwig.nussel@...e.de> wrote:
> The issue also reminds me that there are several su implemenations.
> On Fedora and SUSE we have a patched coreutils version, Debian uses
> the one from shadow-utils and then there's also a su from
> SimplePAMApps, used by e.g. Owl. Of course each one has it's own
> quirks and weird features. Does anyone still remember why a
> particular implementation was chosen? :-)
In Ark Linux, we switched from the coreutils one to the shadow-utils one about 2 years ago because the shadow-utils one does what we need (incl. PAM support) without having to port the PAM patch on every new coreutils release.
ttyl
bero
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
