Bug 199066

Summary: su -c does not need to call setsid() when target is root
Product: [Fedora] Fedora Reporter: Russell Coker <russell>
Component: coreutilsAssignee: Tim Waugh <twaugh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: meyering
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 5.97-6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-21 15:06:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch to fix this bug none

Description Russell Coker 2006-07-16 21:13:40 UTC 
su -c currently calls setsid() to prevent TIOCSTI attacks as described in bug 
173008.

However such protection is not needed when running programs as root, only when 
running programs with lesser or incomparable privileges than the calling code.

The attached patch makes "su root -c command" not call setsid() and also gives 
a command-line option -C which does the same as -c but doesn't call setsid() 
(note that it's very important that the default option calls setsid() to deal 
with some proprietary software that uses "su -c" in system scripts).
Comment 1 Russell Coker 2006-07-16 21:13:40 UTC 
Created attachment 132532 [details]
patch to fix this bug
Comment 3 Tim Waugh 2006-07-21 13:22:23 UTC 
Fixed in CVS.