Is there anything useful besides breaking my cronjobs? I can't do a su (in my case a su to an account with uid 0 and a shell script as login shell, nothing dangerous on this machine because there are no accounts besides mine, but very important for putting new dhcpd.conf's in place and restarting my dhcpd). This is new to rh-6.0, as "strings /bin/su | grep tty" on my 5.x boxes told me.

root@rfhpc0014:/usr/src/redhat/SOURCES # more sh-utils-1.16-nostdin.patch --- sh-utils-1.16/src/su.c.nostdin Thu Apr 1 10:26:02 1999 +++ sh-utils-1.16/src/su.c Thu Apr 1 10:32:12 1999 @@ -376,7 +376,6 @@ correct_password (const struct passwd *pw) { #ifdef USE_PAM - /* root always succeeds; this isn't an authentication question (no * extra privs are being granted) so it shouldn't authenticate with PAM. * However, we want to create the pam_handle so that proper credentials @@ -385,6 +384,13 @@ PAM_BAIL_P; if (getuid () == 0) return 1; + + if (!isatty(0)) { + fprintf(stderr, "standard in must be a tty\n"); + exit(1); + } + + retval = pam_authenticate(pamh, 0); PAM_BAIL_P; retval = pam_acct_mgmt(pamh, 0);
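Review bot: the new `if (!isatty(0))` block in the second hunk ends the process with `exit(1)` from inside correct_password(), bypassing the `PAM_BAIL_P` error path that the surrounding calls use, and it carries no comment saying why standard input must be a terminal. Suggest failing through the function's existing error handling instead of a bare exit, adding a one-line comment with the reason for the restriction, and prefixing the message with the program name so a failing cron job's mail identifies su as the source. Note also that the check sits after `if (getuid () == 0) return 1;` and inside `#ifdef USE_PAM`, so callers whose real uid is 0 and builds without PAM never reach it; if that is intended it should be stated, along with the behaviour change for non-interactive callers, in the documentation. The two extra blank `+` lines before `retval = pam_authenticate(pamh, 0);` can be dropped.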
Can you supply an example of what this patch breaks?
Remove the patch to fix your problem. Red Hat will not remove the patch because it attempts to prevent using su to acquire another user's password.