Comment 6 for bug 1223873

mancha (mancha1) wrote:

Hello.

This is due to changes introduced in su in shadow 4.1.5 to address CVE-2005-4890. They amount, in sum, to dropping the controlling TTY when su is used non-interactively.

While the threat of command injection does exist, shadow's omni-directional solution is overkill.

As I documented back in May (http://seclists.org/oss-sec/2013/q2/374), crippling "su -c" when escalating privileges (i.e. callee is root) is unwarranted. After all, we're not really worried about root injecting commands to a non-privileged user.

Feel free to use the patch I constructed that addresses the issue being reported when sux (or any other su frontend/wrapper) invokes su non-interactively to escalate privs:

http://sf.net/projects/mancha/files/misc/shadow-4.1.5.1_CVE-2005-4890_relax.diff

--mancha
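The mechanism discussed in this comment, as an added illustration that is neither shadow's su code nor mancha's patch: a child that calls setsid() lands in a new session with no controlling terminal, which is what shadow 4.1.5's su does for non-interactive use. should_detach_tty is a hypothetical helper that only sketches the narrower policy argued for above (detach unless the callee is root); it assumes the target is identified by uid.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Policy sketch (hypothetical, not shadow's or mancha's code).
 * relaxed == 0: shadow 4.1.5 behaviour, detach for every non-interactive su.
 * relaxed == 1: keep the TTY when escalating to root, since the concern is a
 * less-privileged callee pushing input at the caller's terminal. */
int should_detach_tty(int non_interactive, uid_t target_uid, int relaxed)
{
    if (!non_interactive)
        return 0;                 /* interactive su always keeps its TTY */
    if (relaxed && target_uid == 0)
        return 0;                 /* callee is root: nothing to protect */
    return 1;
}

/* 1 if this process currently has a controlling terminal, else 0. */
int has_controlling_tty(void)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Fork a child that first calls setsid() to leave the session (and hence the
 * controlling TTY), then either runs cmd via /bin/sh -c or, if cmd is NULL,
 * reports whether it still sees a controlling TTY. Returns the child's exit
 * status, or -1 on fork/wait failure. */
static int spawn_detached(const char *cmd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setsid() < 0)         /* cannot fail: a fresh child is never a group leader */
            _exit(127);
        if (cmd == NULL)
            _exit(has_controlling_tty());
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int run_detached(const char *cmd)   { return spawn_detached(cmd);  }
int detached_child_has_tty(void)    { return spawn_detached(NULL); }
```

run_detached("cmd") is the non-interactive "su -c" shape with the TTY dropped; detached_child_has_tty() is the check that the drop actually happened.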