From unknown Mon Jun 23 21:53:22 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#10010 <10010@debbugs.gnu.org> To: bug#10010 <10010@debbugs.gnu.org> Subject: Status: "su" *should* check on SUID bit Reply-To: bug#10010 <10010@debbugs.gnu.org> Date: Tue, 24 Jun 2025 04:53:22 +0000 retitle 10010 "su" *should* check on SUID bit reassign 10010 coreutils submitter 10010 Michael Lenz severity 10010 wishlist tag 10010 confirmed thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 03:07:33 2011 Received: (at submit) by debbugs.gnu.org; 10 Nov 2011 08:07:33 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1ROPfX-0007wu-CU for submit@debbugs.gnu.org; Thu, 10 Nov 2011 03:07:32 -0500 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1ROPDU-0007J5-KA for submit@debbugs.gnu.org; Thu, 10 Nov 2011 02:38:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ROPDF-0001hF-DE for submit@debbugs.gnu.org; Thu, 10 Nov 2011 02:38:18 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([140.186.70.17]:60152) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ROPDF-0001h9-Bm for submit@debbugs.gnu.org; Thu, 10 Nov 2011 02:38:17 -0500 Received: from eggs.gnu.org ([140.186.70.92]:46033) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ROPDE-0000rb-BM for bug-coreutils@gnu.org; Thu, 10 Nov 2011 02:38:17 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ROPDB-0001e5-Bx for bug-coreutils@gnu.org; Thu, 10 Nov 2011 02:38:16 -0500 Received: from honeydew.cs.uni-dortmund.de ([129.217.4.43]:48520) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ROPDB-0001d6-1B for bug-coreutils@gnu.org; Thu, 10 Nov 2011 02:38:13 -0500 Received: from postamt.cs.uni-dortmund.de (postamt [129.217.4.40]) by honeydew.cs.uni-dortmund.de with ESMTP id pAA7c9F7012569 for ; Thu, 10 Nov 2011 08:38:09 +0100 (MET) Received: from [11.13.17.24] (ip-95-223-107-164.unitymediagroup.de [95.223.107.164]) (authenticated bits=0) by postamt.cs.uni-dortmund.de (8.12.6/8.12.6) with ESMTP id pAA7c86s022345 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Thu, 10 Nov 2011 08:38:09 +0100 (MET) Message-ID: <4EBB7F61.9050605@cs.tu-dortmund.de> Date: Thu, 10 Nov 2011 08:38:09 +0100 From: Michael Lenz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111108 Thunderbird/8.0 MIME-Version: 1.0 To: bug-coreutils@gnu.org Subject: "su" *should* check on SUID bit Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: Solaris 10 (beta) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.17 X-Spam-Score: -6.0 (------) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Thu, 10 Nov 2011 03:07:29 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -6.0 (------) Good morning, just yesterday I stumbled across a little problem in su when I recursively fucked up the ownership of "/" on a colocated box.. Thereafter I could ssh into that box as an unprivileged user, but was unable to use sudo, because SETUID root was missing on it as sudo kindly told me. Aaand I was unable to su to root, due to an "invalid password", which was strange.. I thougt I knew the password and tried several permutations of it, but none worked, so I got my root's password reset by a local operator. Guess what: The box didn't want to "su" me to root with the new password either, but I could ssh into the box with root@HOST and the new password.. After some research I found out that "su" needs to be SUID to root as well, but it obviously does not check on this file property. I therefore advise calling stat() before checking on the user's password and eventually throwing an error message.. ;) Yours, Michael PS: If my English sounds/reads somewhat broken... I'm no native speaker and tired as hell after a night of trying to fix that box... From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 10 12:00:47 2011 Received: (at 10010) by debbugs.gnu.org; 10 Nov 2011 17:00:47 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1ROXza-00045E-5C for submit@debbugs.gnu.org; Thu, 10 Nov 2011 12:00:46 -0500 Received: from joseki.proulx.com ([216.17.153.58]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1ROXzV-00044z-Dw; Thu, 10 Nov 2011 12:00:44 -0500 Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 840E5211D1; Thu, 10 Nov 2011 10:00:26 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 422102DCD0; Thu, 10 Nov 2011 10:00:26 -0700 (MST) Date: Thu, 10 Nov 2011 10:00:26 -0700 From: Bob Proulx To: Michael Lenz Subject: Re: bug#10010: "su" *should* check on SUID bit Message-ID: <20111110170026.GA15704@hysteria.proulx.com> References: <4EBB7F61.9050605@cs.tu-dortmund.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4EBB7F61.9050605@cs.tu-dortmund.de> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Score: -2.5 (--) X-Debbugs-Envelope-To: 10010 Cc: 10010@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.5 (--) severity 10010 wishlist tags 10010 + confirmed thanks Michael Lenz wrote: > just yesterday I stumbled across a little problem in su when I > recursively fucked up the ownership of "/" on a colocated box.. Ouch! And of course it is remote making it twice as difficult to repair. I feel for you. How extensive was problem? > Thereafter I could ssh into that box as an unprivileged user, but > was unable to use sudo, because SETUID root was missing on it as > sudo kindly told me. Does that mean that sudo lost the suid but was still owned by root? Or that sudo's ownership had also changed along with / to something else? > Aaand I was unable to su to root, due to an "invalid password", > which was strange.. And I am sure very frustrating at the time. > I thougt I knew the password and tried several permutations of it, > but none worked, so I got my root's password reset by a local > operator. > Guess what: The box didn't want to "su" me to root with the new > password either, but I could ssh into the box with root@HOST and the > new password.. Oh good. You found an avenue to log in as root. The running sshd daemon had previously been started with superuser permissions and so could spawn other processes as root without need for suid-root capability. > After some research I found out that "su" needs to be SUID to root > as well, but it obviously does not check on this file property. There are many system programs that need to be sui-root in order to operate correctly. I have 27 on my system at the moment. The su program will need access to the protected /etc/shadow file in order to obtain access to the encrypted passwords stored there. > I therefore advise calling stat() before checking on the user's > password and eventually throwing an error message.. ;) One problem is that different systems have such wildly different security access models that it is hard to generalize. SELinux for example hardly has a 'root' model. Others are completely different. This means that the program needs privileges to do at least two separate things. One is to be able to authenticate the user such as by being able to read the /etc/shadow file. The other is that it needs to be able to spawn a shell by the specified user. Having good error messages in both cases is desirable and they may be different. But it is hard to check for every possible failure that might occur on a system because there are an infinite number of ways for a system to be broken. But first, we need to check one very particular thing. You didn't say what system you were running this upon. Not every system uses the coreutils su for the system su command. Some run su from other projects. What does 'su --version' say on your system? su --version Just to check that the reporting is to the right project and not to one of the other su implementations. In any case, I did try this using GNU coreutils su (of an older vintage) and this was the result: # chmod u-s /bin/su # ls -l /bin/su -rwxr-xr-x 1 root root 39948 2008-11-03 04:11 /bin/su $ su Password: su: incorrect password That does seem less than friendly and seems like it would be good to be improved. Thanks Bob From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 18 21:45:06 2018 Received: (at 10010) by debbugs.gnu.org; 19 Oct 2018 01:45:06 +0000 Received: from localhost ([127.0.0.1]:57948 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gDJqb-0003MW-Ou for submit@debbugs.gnu.org; Thu, 18 Oct 2018 21:45:05 -0400 Received: from mail-it1-f177.google.com ([209.85.166.177]:54287) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gDJqX-0003Iy-Dg; Thu, 18 Oct 2018 21:45:02 -0400 Received: by mail-it1-f177.google.com with SMTP id l191-v6so2672279ita.4; Thu, 18 Oct 2018 18:45:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=051qmVi2kd3hAjroZD27ORPBZ13NBAeRIQPzLVPhSsQ=; b=rYehluRUaLOMkwibKyXjNHvDbnYQaobORtpyi/AdBfUohHUTbXqBHY8lpdAKDOPFny Msw0xicpJzO8F5ca63GimPfnqfhnKnszbtfMPcGUSTFbhP6xoiAMNlLaByLWY8CP/Ef7 Lg9qjjZWz8eq4EUlUmmQQAwJOig+Pwrqk4HTQvK7WBWNI67J/2XxCXIo+BtsnS9B8Gtk Nc4Yw2fiXQ4KZsheximIz9aX1EqBM3ffb6DeIPe9VHCAK4lWmj9sseIlNAKvsmViP3Qk PSJcEX5J1RCloE2yalFEOJ7a67qefjkyBNKxzKLx6hn4mavyvVFR+Npq0KxAP9FZqWys heRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=051qmVi2kd3hAjroZD27ORPBZ13NBAeRIQPzLVPhSsQ=; b=X2lPUBdrLlWijto/+zD13S62rgJP/Yub3NXoMvVAG9LOoPBHwByZsSJ8BT4jHect7n hyQA8/BbPxZlvkrxYduPsTTuIceFPAT3kdR5vJYn/rE3/yOg+0YvuZx5Eehr1RNsnR3g PGj9Ekzsav1HstKdlDuag+9D8jr73vuiGIjov/ci74ADyVhNABFZ36ExrgaR95E+Hh52 BoQRQe/m/kG44QTqmmjKpxGjWH1W6umfH50rVN7bSr7tvAc1dN4Gn1+yKkoV5mFewycN u7UfOkOiJDAxoOogLuXtYGnMfxP1QGmapO3BBHFuzZhxG3HMt+h5va/rdwvO/o5vtupp Pl/A== X-Gm-Message-State: ABuFfoioh7Uq3M6CcoVZLr/6KYhRCH4nzSjz/slyHCSvEwqo5aX/WrJ9 77/Q0Dgu/BC3Sq09OkrIYY33vuZSQJw= X-Google-Smtp-Source: ACcGV61Gjf8Oj5znt+7q3fybRTLxei9cT69/dxztXluFfCQllznS5UQdABywYysiamda9LJzDxNo8w== X-Received: by 2002:a02:f4d:: with SMTP id h74-v6mr24875159jad.88.1539913495208; Thu, 18 Oct 2018 18:44:55 -0700 (PDT) Received: from tomato.housegordon.com (moose.housegordon.com. [184.68.105.38]) by smtp.googlemail.com with ESMTPSA id y190-v6sm1655950itg.3.2018.10.18.18.44.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Oct 2018 18:44:54 -0700 (PDT) Subject: Re: bug#10010: "su" *should* check on SUID bit To: 10010@debbugs.gnu.org References: <4EBB7F61.9050605@cs.tu-dortmund.de> <20111110170026.GA15704@hysteria.proulx.com> From: Assaf Gordon Message-ID: Date: Thu, 18 Oct 2018 19:44:52 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20111110170026.GA15704@hysteria.proulx.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 10010 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) close 10010 stop (triaging old bugs) Hello, On 10/11/11 10:00 AM, Bob Proulx wrote: > severity 10010 wishlist > tags 10010 + confirmed > > Michael Lenz wrote: > >> Aaand I was unable to su to root, due to an "invalid password", >> which was strange.. > > That does seem less than friendly and seems like it would be good to > be improved. > In the 7 years since this report, coreutils' su(1) was effectively decommissioned, to be replaced by su implementation from other packages (e.g. 'shadow' and 'util-linux'). As such, even though this is a confirmed deficiency, I'm closing the bug. Discussion can continue by replying to this thread. regards, -assaf From unknown Mon Jun 23 21:53:22 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 16 Nov 2018 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator