su vulnerability on coreutils 6.9 (64-bit Linux)

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

su vulnerability on coreutils 6.9 (64-bit Linux)

From:	Brian Biswas
Subject:	su vulnerability on coreutils 6.9 (64-bit Linux)
Date:	Thu, 25 Sep 2008 11:18:24 -0400

I have built the coreutils 6.9 package (the latest) on a 64-bit x86Linux system (Linux 2.6).


If as myself (not root) I type:

% su

I become root. No password asked!

Note: This software resides in AFS space. If I build it locally, theproblem does not occur.

BTW, I've also built coreutils 6.9 on the following platforms (all outof AFS space):


        Solaris 9
        Solaris 10 (SPARC and x86)
        Mac OS X
        AIX 5.3
        Linux 2.4
        Linux 2.6 (32-bit)

None of them have this problem.

[Prev in Thread]

Current Thread

[Next in Thread]

su vulnerability on coreutils 6.9 (64-bit Linux), Brian Biswas <=
- Re: su vulnerability on coreutils 6.9 (64-bit Linux), Eric Blake, 2008/09/25
  - Message not available
    - Re: su vulnerability on coreutils 6.9 (64-bit Linux), Eric Blake, 2008/09/25
  - Message not available
    - Re: su vulnerability on coreutils 6.9 (64-bit Linux), Eric Blake, 2008/09/25
- Re: su vulnerability on coreutils 6.9 (64-bit Linux), Bob Proulx, 2008/09/25

Prev by Date: Re: mv missing destination operand message
Next by Date: Re: su vulnerability on coreutils 6.9 (64-bit Linux)
Previous by thread: two "make distcheck"-related patches
Next by thread: Re: su vulnerability on coreutils 6.9 (64-bit Linux)
Index(es):
- Date
- Thread