Re: [oss-security] CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl

On Friday, June 10, 2011 11:55 CEST, Ludwig Nussel <ludwig.nussel@suse.de> wrote:
 
> The issue also reminds me that there are several su implemenations.
> On Fedora and SUSE we have a patched coreutils version, Debian uses
> the one from shadow-utils and then there's also a su from
> SimplePAMApps, used by e.g. Owl. Of course each one has it's own
> quirks and weird features. Does anyone still remember why a
> particular implementation was chosen? :-)

In Ark Linux, we switched from the coreutils one to the shadow-utils one about 2 years ago because the shadow-utils one does what we need (incl. PAM support) without having to port the PAM patch on every new coreutils release.

ttyl
bero

• This message: [ Message body ]
• Next message: Timo Warns: "[oss-security] CVE request: buffer overflow in tftp-hpa"
• Previous message: Ludwig Nussel: "Re: [oss-security] CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl"
• In reply to: Ludwig Nussel: "Re: [oss-security] CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl"
• Next in thread: Ludwig Nussel: "Re: [oss-security] /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl)"
• Reply: Ludwig Nussel: "Re: [oss-security] /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]