Error message due to nested setuids
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| shadow (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Hi,
when running a simple command like
su -s /bin/sh -c "/bin/date" www-data
I get an error message like
pam_mount(
(I am just trying to figure out why /etc/cron.
It seems as if all this pam stuff is meanwhile that nested and felted, that it fails to perform basic functionalities.
Furthermore, it might be dangerous to treat /var/www (which is the home directory of www-data) as a regular home directory, since - depending on your local configuration - the directory might be writable from outside, e.g. when using a web server as a writable server for streaming and other things with webdav. Once someone is able to write e.g. a .login or .profile into /var/www , running cronjobs with su www-data (like in /etc/cron.
Not a good idea...
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: login 1:4.1.4.
ProcVersionSign
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Sun Aug 7 11:21:49 2011
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
ProcEnviron:
LANGUAGE=en_US:en
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/tcsh
SourcePackage: shadow
UpgradeStatus: Upgraded to natty on 2011-07-29 (9 days ago)
| Hadmut Danisch (hadmut) wrote | #1 |
| security vulnerability: | yes → no |
| visibility: | private → public |
