[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Fwd: Re: suing on debian tty

this is from a friend of mine, running potato, whose su binary goes
bananas in terms of memory allocation when it is called on a tty. on a
pts, nothing like this happens...

since the idea that it might be a binary problem came up, I did
a little strace(1)'ing, and to my surprise, I saw quite a few
errno returns.  then again, I know nothing about what goes on in
the su binary as far as  system calls go, so I wouldn't know if
it's ordinary to have 35 fails like that:

#strace -o foo.out su
#grep '\-1\ E[A-Z]*' foo.out > errs

open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied)
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory)
readlink("/proc/self/fd/0", 0xbffffa0c, 511) = -1 EACCES (Permission denied)
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied)
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied)
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied)
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied)
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)


the ld.so.preload is no biggie, but somehow, the /proc, /dev/null, and
/var/run references make me quiver...

first, /dev/null is *not* a directory, but /bin/su seems to try to
open it as one.

second, /proc/self/fd/0 (stdin), should definitely be readable...

third, so should the /var/run references, because su is suid!

it seems as if su is dropping root privileges way too soon!


does anyone have any experience with this?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
-- 
"i wish there was a knob on the tv to turn up the intelligence.
 there's a knob called 'brightness', but it doesn't seem to work."
                                                          -- gallagher

Attachment: pgpGFhRdQ2zzw.pgp
Description: PGP signature

Reply to: