On 06/06/2012 02:41 PM, Ludwig Nussel wrote: > Bernhard Voelker wrote: >> I am playing around with the --command and --session-command options of su, >> and I noticed that setsid() is only called iff a non-root new_user is given: >> [...] >> Why is the setsid() call dependent on the user? > > First of all, this is a really nasty (mis-)feature. Introduced due to > abuse of su for things it shouldn't be used for in the first place. > The attack scenario are e.g. package %post scripts that execute commands > on behalf of some unprivileged daemon user. If such an account got > compromised the attacker might escalate privileges to root e.g. when > root installs updates for the daemon in question. > setsid() prevents injecting characters into the tty input buffer of root > in this case. > This kind of attack doesn't make sense if the target user is root as > that would mean the root account is compromised already. Thanks for the fast explanation. Have a nice day, Berny -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
