Bug 68569 - su doesn't do the right checks before calling chdir()
su doesn't do the right checks before calling chdir()
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: sh-utils (Show other bugs)
7.3
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-07-11 06:14 EDT by Johnny Mnemonic
Modified: 2007-04-18 12:44 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-04 16:31:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Johnny Mnemonic 2002-07-11 06:14:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020605

Description of problem:
The strace output for su - user is quite self-explanatory:

time(NULL)                              = 1026381455
setfsuid32(0x321)                       = 0
chdir("/home/web/someuser")              = -1 EACCES (Permission denied)

the problem is that "web" has a 750 permission and is owned by root.
SU should actually call setfsgid() before doing that chdir() call, cause my
setup is legal. (in fact it gives an error but then you can happily cd ~ and do
your stuff.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. see the description, most information is there
2. give read permission to a homedirectory only to the user's group
3. su - that user
	

Additional info:
Comment 1 Bernhard Rosenkraenzer 2002-08-29 15:08:21 EDT
Fixed in 2.0.12-2
Comment 2 Bill Nottingham 2006-08-04 16:31:32 EDT
Red Hat Linux and Red Hat Powertools are currently no longer supported by Red
Hat, Inc. In an effort to clean up bugzilla, we are closing all bugs in MODIFIED
state for these products.

However, we do want to make sure that nothing important slips through the
cracks. If, in fact, these issues are not resolved in a current Fedora Core
Release (such as Fedora Core 5), please open a new issues stating so. Thanks.

Note You need to log in before you can comment on or make changes to this bug.