redhat.su.ghost.bug.txt

1999-08-17T00:00:00
ID PACKETSTORM:11827
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Wed, 16 Jun 1999 13:47:52 +0200  
From: Roman Ramirez <rramirez@encomix.es>  
Reply-To: patowc@encomix.es  
Organization: Intercomputer, S.A.  
To: tattooman@genocide2600.com  
  
Hello:  
  
I think I have found some kind of bug in "su" in Redhat linux versions(  
tested on Redhat 5.2 y Redhat 6.0 )  
  
The problem seems to be when you logon into a Redhat system, with normal  
user priviledges( sample patowc: uid 512 gid 512 ) and enter a superuser  
session with "su".  
  
In that moment superuser kills your "su" session( kill -9 ) and it seems  
as the session is killed, but when you try to continue working randomly  
you get superuser priviledges again, and randomly you get into normal  
user priviledges...  
  
I think the problem could be in two points, in the way "su" manages the  
KILL signal, or in the way it works with the tty.  
  
'Cause i have no time to investigate this, I think it could be  
interesting for you...  
  
Thx for your time...  
  
Greets  
  
  
--   
Departamento de Seguridad - Intercomputer, S.A.  
mailto://rramirez@encomix.es  
http://www.encomix.es/users/patowc  
  
`