Bug 1304426 - [rfe] /bin/su should be improved to reduce stack use
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: util-linux
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Karel Zak
QA Contact: qe-baseos-daemons
Reported: 2016-02-03 14:59 UTC by Striker Leggette
Modified: 2019-12-16 05:21 UTC (History)

Fixed In Version: util-linux-2.23.2-31.el7
Doc Type: Bug Fix
Last Closed: 2016-11-03 21:26:51 UTC



Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2605 normal SHIPPED_LIVE Low: util-linux security, bug fix, and enhancement update 2016-11-03 12:13:26 UTC

Description Striker Leggette 2016-02-03 14:59:35 UTC
[+] Description of problem:
 /bin/su should print a warning if stack size is a low number

[+] Version-Release number of selected component (if applicable):


[+] How reproducible:
Always

[+] Steps to Reproduce:
1. $ ulimit -s 275
2. $ su
3.

[+] Actual results:
$ /bin/su
Segmentation fault

[+] Expected results:
$ /bin/su
Warning - stack size is $(ulimit -s)
This may cause unwanted results
Segmentation fault

[+] Additional info:
As of util-linux 2.23.2-26.el7, the tested minimal required stack size is 276.  Anything lower will cause /bin/su to segfault.  The /bin/su application should have an if, then (example) rule that if it matches 300 (example number) or lower, it prints a warning.

Comment 1 Striker Leggette 2016-02-03 15:13:20 UTC
Since su is written in C, example:

if ( $(ulimit -s) < 300 )
    printf( "Warning - stack size is less than 300" );

Or, a more long-term solution would be to implement a separate function that allows itself to calculate its own stack requirement and then match that against what is available and cleanly exit if the requirement is less than available.

Comment 2 Striker Leggette 2016-02-03 15:15:40 UTC
By "cleanly exit if the requirement is less than available" I meant "cleanly exit if the requirement is greater than available".
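
An added example, not part of the original comments and not util-linux code: the check proposed in Comments 1 and 2, written as compilable C that reads the soft RLIMIT_STACK with getrlimit(), warns, and exits instead of crashing. The 300 KiB threshold is the report's example number; MIN_STACK_KIB, classify_stack and check_stack_limit are hypothetical names.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Assumed threshold in KiB (the unit `ulimit -s` uses); 300 is the
 * example number from the report, not a value taken from util-linux. */
#define MIN_STACK_KIB 300

enum stack_verdict { STACK_OK, STACK_TOO_SMALL, STACK_UNKNOWN };

/* Pure decision: compare a soft limit in bytes with a need in KiB. */
static enum stack_verdict classify_stack(rlim_t soft_bytes, rlim_t need_kib)
{
    if (soft_bytes == RLIM_INFINITY)   /* `ulimit -s unlimited` */
        return STACK_OK;
    return (soft_bytes / 1024 < need_kib) ? STACK_TOO_SMALL : STACK_OK;
}

/* Read RLIMIT_STACK for this process and warn on stderr if it is too low. */
static enum stack_verdict check_stack_limit(rlim_t need_kib)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_STACK, &rl) != 0) {
        perror("getrlimit");
        return STACK_UNKNOWN;
    }
    enum stack_verdict v = classify_stack(rl.rlim_cur, need_kib);
    if (v == STACK_TOO_SMALL)
        fprintf(stderr,
                "Warning - stack size is %llu KiB, at least %llu KiB required\n",
                (unsigned long long)(rl.rlim_cur / 1024),
                (unsigned long long)need_kib);
    return v;
}

int main(void)
{
    /* Run the check first, before any call path with large stack frames,
     * and exit with an error instead of crashing later. */
    if (check_stack_limit(MIN_STACK_KIB) == STACK_TOO_SMALL)
        return 1;
    puts("stack limit is sufficient");
    return 0;
}
```

getrlimit() reports the limit in bytes while `ulimit -s` works in KiB, hence the division by 1024 before comparing.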

Comment 10 Mike McCune 2016-03-28 22:54:17 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation. Please see mmccune@redhat.com with any questions.

Comment 15 errata-xmlrpc 2016-11-03 21:26:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2605.html

