199066 – su -c does not need to call setsid() when target is root

Bug 199066 - su -c does not need to call setsid() when target is root

Summary: su -c does not need to call setsid() when target is root

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coreutils
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tim Waugh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-07-16 21:13 UTC by Russell Coker
Modified:	2018-11-27 19:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:	5.97-6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-07-21 15:06:24 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
patch to fix this bug (2.75 KB, patch) 2006-07-16 21:13 UTC, Russell Coker	no flags	Details \| Diff
View All

Description Russell Coker 2006-07-16 21:13:40 UTC

su -c currently calls setsid() to prevent TIOCSTI attacks as described in bug 
173008.

However such protection is not needed when running programs as root, only when 
running programs with lesser or incomparable privileges than the calling code.

The attached patch makes "su root -c command" not call setsid() and also gives 
a command-line option -C which does the same as -c but doesn't call setsid() 
(note that it's very important that the default option calls setsid() to deal 
with some proprietary software that uses "su -c" in system scripts).

Comment 1 Russell Coker 2006-07-16 21:13:40 UTC

Created attachment 132532 [details]
patch to fix this bug

Comment 3 Tim Waugh 2006-07-21 13:22:23 UTC

Fixed in CVS.

Note You need to log in before you can comment on or make changes to this bug.