Bug 1274

Summary: 'su' reads pwd from stdin
Product: [Retired] Red Hat Linux
Reporter: borgia
Component: sh-utils
Assignee: Cristian Gafton <gafton>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Version: 5.2
Keywords: Security
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 1999-03-31 20:51:21 UTC Type: ---

Description borgia 1999-02-22 08:10:01 UTC
The fact that 'su' reads the password from stdin allows any
user to fake a login prompt and collect other users'
passwords. I've not been able to get a shell out of this
bug, but execution of commands as another user is indeed
possible.
Solution: compile 'su' so that it does not read the password
from stdin (as other dists do)
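
The remedy the report asks for, sketched as an added example that is not part of the original report and not the sh-utils code: the password is read from the terminal device with echo disabled, and the program refuses to proceed when no terminal is available instead of falling back to stdin. The helper name `read_secret_from_tty` and the use of `/dev/tty` are assumptions of this sketch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper: read a secret from the terminal at tty_path (normally
 * "/dev/tty"), never from stdin. Returns its length, or -1 on any failure. */
int read_secret_from_tty(const char *tty_path, const char *prompt,
                         char *buf, size_t buflen)
{
    struct termios saved, noecho;
    ssize_t n = -1;
    int fd = buflen < 2 ? -1 : open(tty_path, O_RDWR | O_NOCTTY);

    if (fd < 0)
        return -1;                          /* no terminal: no stdin fallback */
    if (isatty(fd) && tcgetattr(fd, &saved) == 0 &&
        write(fd, prompt, strlen(prompt)) >= 0) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;  /* hide the typed characters */
        noecho.c_lflag |= ICANON;           /* read() returns one whole line */
        if (tcsetattr(fd, TCSAFLUSH, &noecho) == 0) {
            n = read(fd, buf, buflen - 1);
            tcsetattr(fd, TCSAFLUSH, &saved);   /* restore echo */
            if (write(fd, "\n", 1) < 0)
                n = -1;
        }
    }
    close(fd);                  /* files, pipes and /dev/null end up here with n == -1 */
    if (n <= 0)
        return -1;
    if (buf[n - 1] == '\n')
        n--;
    buf[n] = '\0';
    return (int)n;
}

int main(void)
{
    char pw[128];
    int n = read_secret_from_tty("/dev/tty", "Password: ", pw, sizeof pw);
    if (n < 0)
        fputs("no terminal; refusing to read a password from stdin\n", stderr);
    else
        printf("read %d characters from the terminal\n", n);
    return n < 0;
}
```

Run with stdin redirected from a file or pipe, the program still prompts on the terminal; run with no controlling terminal at all, it exits with an error.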

Comment 1 Jay Turner 1999-03-26 20:09:59 UTC
Erik, please verify if this is incorrect, and please close it if so.

Comment 2 Jay Turner 1999-03-26 20:36:59 UTC
Christian, look at this and verify that this is incorrect; if so, then
please close it.

Comment 3 Erik Troan 1999-03-31 20:51:59 UTC
fixed in sh-utils-1.16-18