I am playing around with the --command and --session-command options of su,
and I noticed that setsid() is only called iff a non-root new_user is given:
if (request_same_session || !command || !pw->pw_uid)
same_session = 1;
...
if (!same_session)
setsid ();
Why is the setsid() call dependent on the user?
The commit and the bug behind it don't give an answer
(c6a1746b5f5247b2fccaf5c7f68da3852a02e4fc):
call setsid() when called with -c
Prevents command injection via TIOCSTI
https://bugzilla.redhat.com/show_bug.cgi?id=173008
Have a nice day,
Berny
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
