Bug 68569
| Summary: | su doesn't do the right checks before calling chdir() | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Johnny Mnemonic <johnny> |
| Component: | sh-utils | Assignee: | Tim Waugh <twaugh> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-08-04 20:31:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in 2.0.12-2 Red Hat Linux and Red Hat Powertools are currently no longer supported by Red Hat, Inc. In an effort to clean up bugzilla, we are closing all bugs in MODIFIED state for these products. However, we do want to make sure that nothing important slips through the cracks. If, in fact, these issues are not resolved in a current Fedora Core Release (such as Fedora Core 5), please open a new issues stating so. Thanks. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020605 Description of problem: The strace output for su - user is quite self-explanatory: time(NULL) = 1026381455 setfsuid32(0x321) = 0 chdir("/home/web/someuser") = -1 EACCES (Permission denied) the problem is that "web" has a 750 permission and is owned by root. SU should actually call setfsgid() before doing that chdir() call, cause my setup is legal. (in fact it gives an error but then you can happily cd ~ and do your stuff. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. see the description, most information is there 2. give read permission to a homedirectory only to the user's group 3. su - that user Additional info: