#628843 - login: tty hijacking possible in "su" via TIOCSTI ioctl

Reported by: Daniel Ruoso <daniel@ruoso.com>

Date: Wed, 1 Jun 2011 19:27:02 UTC

Severity: important

Tags: confirmed, help, security

Found in versions shadow/1:4.1.4.2+svn3283-1, shadow/1:4.2-3+deb8u1

Fixed in version 1:4.5-1.1

Done: Jakub Wilk <jwilk@jwilk.net>

Bug is archived. No further changes may be made.

Received: (at 628843) by bugs.debian.org; 20 Aug 2013 23:32:47 +0000
From nekral.lists@gmail.com Tue Aug 20 23:32:47 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2-bugs.debian.org_2005_01_02
	(2011-06-06) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=4.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,FREEMAIL_FROM,HAS_BUG_NUMBER,MURPHY_DRUGS_REL8,RCVD_IN_DNSWL_LOW,
	SPF_PASS autolearn=ham version=3.3.2-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 17; hammy, 134; neutral, 49; spammy,
	0. spammytokens: hammytokens:0.000-+--H*r:TLSv1.2, 0.000-+--H*u:1.5.21,
	0.000-+--H*UA:1.5.21, 0.000-+--H*u:2010-09-15, 0.000-+--H*UA:2010-09-15
Return-path: <nekral.lists@gmail.com>
Received: from mail-we0-f180.google.com ([74.125.82.180])
	by buxtehude.debian.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:128)
	(Exim 4.80)
	(envelope-from <nekral.lists@gmail.com>)
	id 1VBvPr-0003Fz-JW; Tue, 20 Aug 2013 23:32:47 +0000
Received: by mail-we0-f180.google.com with SMTP id p61so984073wes.11
        for <multiple recipients>; Tue, 20 Aug 2013 16:32:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=sender:date:from:to:cc:subject:message-id:references:mime-version
         :content-type:content-disposition:content-transfer-encoding
         :in-reply-to:user-agent;
        bh=GTsSJw5QWgZCUwrJ7pGPHpuEC8sLggvDe0lh5f5UONg=;
        b=GQYWssSw+GP5u2cEsAXCfbOQF9I/IX7BUZFDnnyN5XCBz8g8SEBqIn92rRl+8DbR0f
         ICcfXKbgKAs457j0e6xXFEjVYgpaOuTaCuGiTHpd0sEdqZKb6tJEDnnIuecLTNEH5W7+
         QrXnRtiL2MzJvBI+fzsDkBWcWcBeq90Erv4dDKOItJyhdozYJToNhvbNV/u7WYk8En/Y
         p9Hv1VjGKy0iMGhCpn2pNTxcR2bxv2IAd2JWPKhnl4aKpe4XTN+ATzs531s6pJO9p74E
         pr9rtu9Cs8SFDf3F8T+mYdmx0JsC6A6P6Aoovnud4AySyUJWZhws78x2hk1o4d5PFAwI
         ly7g==
X-Received: by 10.180.36.176 with SMTP id r16mr3109637wij.44.1377041559915;
        Tue, 20 Aug 2013 16:32:39 -0700 (PDT)
Received: from nicolas (vau75-9-88-160-172-214.fbx.proxad.net. [88.160.172.214])
        by mx.google.com with ESMTPSA id fz8sm27435248wic.0.1969.12.31.16.00.00
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Tue, 20 Aug 2013 16:32:39 -0700 (PDT)
Sender: Nicolas François <nekral.lists@gmail.com>
Received: from fzt by nicolas with local (Exim 4.80)
	(envelope-from <fzt@nicolas>)
	id 1VBvPh-0005y0-6Z; Wed, 21 Aug 2013 01:32:37 +0200
Date: Wed, 21 Aug 2013 01:32:36 +0200
From: Nicolas François <nicolas.francois@centraliens.net>
To: Wolfgang Zarre <lkdev@essax.com>, 628843@bugs.debian.org
Cc: Tim Connors <reportbug@rather.puzzling.org>, serge.hallyn@ubuntu.com,
	663200@bugs.debian.org, Francois Gouget <fgouget@free.fr>
Subject: Re: Bug#628843: Bug#659878: cannot set terminal process group (-1):
 Inappropriate ioctl for device
Message-ID: <20130820233236.GA22925@nicolas>
References: <alpine.DEB.2.00.1305101512060.32358@maxwell.rather.puzzling.org>
 <alpine.DEB.2.00.1305101539500.24226@dirac.rather.puzzling.org>
 <alpine.DEB.2.00.1305101632400.27160@dirac.rather.puzzling.org>
 <518CCACA.60903@essax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <518CCACA.60903@essax.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

Debian Bug report logs - #628843 login: tty hijacking possible in "su" via TIOCSTI ioctl

Debian Bug report logs - #628843
login: tty hijacking possible in "su" via TIOCSTI ioctl