Re: Broken su in current - trying to fix myself, help needed!

From: 韓家標 Bill Hacker <askbill_at_conducive.net>
Date: Wed, 17 Oct 2007 15:16:12 -0400
Andrey Chernov wrote:
> On Wed, Oct 17, 2007 at 10:32:16PM +0400, Artem Kuchin wrote:
>> There are such like in the default: section of switch
>>
>>                child_pgrp = getpgid(child_pid);
>>                if (tcgetpgrp(STDERR_FILENO) == child_pgrp)
>>                        tcsetpgrp(STDERR_FILENO, getpgrp());
>>
>>
>> The problem is here.
>> getpgid(child_pid) simply fails with errno 3 (process doesn't exist)
> 
> The question is: why getpgid() fails while process really exists (in 
> stopped state)?
> 

Are we even chasing the correct animal here?

Are the tests being run as root?

If not, is the stalled state perhaps seen as a privilege-escalation issue?

Or that the PID sought exists, but not as belonging to or permitted to be known 
to the current EUID:EGID?

Or that the EUID:EGID su'ed to simply has a different login shell invoked than 
that used by the caller's UID or the script?

IOW - not seeing a lesser-than root:wheel user being su'ed to, and not seeing a 
pwd requested and responded to that root:wheel should ask for unless the caller 
is *already* root:wheel, is there actually something 'broken' in su - or has 
security simply been made more rigorous between 6.X and 7.X?


Bill
Received on Wed Oct 17 2007 - 17:16:14 UTC
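
A diagnostic sketch for the question raised in this thread, added here as an example and not taken from su.c or from any poster: it forks a child that stops itself, then records what `getpgid()` reports while the child is stopped and again after it has been reaped, so errno 3 (`ESRCH`, no such process) can be told apart from a permission error (`EPERM`). The function names `probe_pgid` and `stopped_child_probe` are hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 0 if getpgid(pid) succeeds, otherwise the errno.
 * ESRCH means no such process; POSIX also allows EPERM when the target is
 * in another session and the implementation restricts the lookup. */
static int probe_pgid(pid_t pid)
{
    errno = 0;
    return getpgid(pid) == (pid_t)-1 ? errno : 0;
}

/* Fork a child that stops itself, probe it while stopped, then kill and
 * reap it and probe again. Returns 0 on success, -1 on setup failure. */
int stopped_child_probe(int *while_stopped, int *after_reap)
{
    int status;
    pid_t child = fork();

    if (child == -1)
        return -1;
    if (child == 0) {
        raise(SIGSTOP);              /* child parks itself in stopped state */
        _exit(0);
    }
    /* WUNTRACED makes waitpid() return when the child stops, not only on exit. */
    if (waitpid(child, &status, WUNTRACED) != child || !WIFSTOPPED(status))
        return -1;
    *while_stopped = probe_pgid(child);   /* stopped, not yet reaped */

    kill(child, SIGKILL);
    if (waitpid(child, &status, 0) != child)
        return -1;
    *after_reap = probe_pgid(child);      /* PID has been reaped */
    return 0;
}

int main(void)
{
    int stopped, reaped;

    if (stopped_child_probe(&stopped, &reaped) != 0)
        return 1;
    printf("stopped: %s\nreaped:  %s\n", strerror(stopped), strerror(reaped));
    return 0;
}
```

Running it both as root and as an unprivileged user on the affected system shows whether the result depends on the caller's credentials.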
