GNU bug report logs - #10010
"su" *should* check on SUID bit

Previous Next

Package: coreutils;

Reported by: Michael Lenz <michael.lenz <at> cs.tu-dortmund.de>

Date: Thu, 10 Nov 2011 08:08:02 UTC

Severity: wishlist

Tags: confirmed

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Michael Lenz <michael.lenz <at> cs.tu-dortmund.de>
To: bug-coreutils <at> gnu.org
Subject: "su" *should* check on SUID bit
Date: Thu, 10 Nov 2011 08:38:09 +0100

Good morning,

just yesterday I stumbled across a little problem in su when I 
recursively fucked up the ownership of "/" on a colocated box..

Thereafter I could ssh into that box as an unprivileged user, but was 
unable to use sudo, because SETUID root was missing on it as sudo kindly 
told me.
Aaand I was unable to su to root, due to an "invalid password", which 
was strange..

I thougt I knew the password and tried several permutations of it, but 
none worked, so I got my root's password reset by a local operator.
Guess what: The box didn't want to "su" me to root with the new password 
either, but I could ssh into the box with root <at> HOST and the new password..

After some research I found out that "su" needs to be SUID to root as 
well, but it obviously does not check on this file property.

I therefore advise calling stat() before checking on the user's password 
and eventually throwing an error message.. ;)


Yours,
Michael

PS: If my English sounds/reads somewhat broken... I'm no native speaker 
and tired as hell after a night of trying to fix that box...
This bug report was last modified 6 years and 221 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.