Bernhard Voelker wrote: > I am playing around with the --command and --session-command options of su, > and I noticed that setsid() is only called iff a non-root new_user is given: > [...] > Why is the setsid() call dependent on the user? First of all, this is a really nasty (mis-)feature. Introduced due to abuse of su for things it shouldn't be used for in the first place. The attack scenario are e.g. package %post scripts that execute commands on behalf of some unprivileged daemon user. If such an account got compromised the attacker might escalate privileges to root e.g. when root installs updates for the daemon in question. setsid() prevents injecting characters into the tty input buffer of root in this case. This kind of attack doesn't make sense if the target user is root as that would mean the root account is compromised already. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
