this is from a friend of mine, running potato, whose su binary goes bananas in terms of memory allocation when it is called on a tty. on a pts, nothing like this happens... since the idea that it might be a binary problem came up, I did a little strace(1)'ing, and to my surprise, I saw quite a few errno returns. then again, I know nothing about what goes on in the su binary as far as system calls go, so I wouldn't know if it's ordinary to have 35 fails like that: #strace -o foo.out su #grep '\-1\ E[A-Z]*' foo.out > errs open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied) open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory) connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) readlink("/proc/self/fd/0", 0xbffffa0c, 511) = -1 EACCES (Permission denied) access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied) access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied) access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied) access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) readlink("/proc/self/fd/0", 0x8054720, 4095) = -1 EACCES (Permission denied) access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) the ld.so.preload is no biggie, but somehow, the /proc, /dev/null, and /var/run references make me quiver... first, /dev/null is *not* a directory, but /bin/su seems to try to open it as one. second, /proc/self/fd/0 (stdin), should definitely be readable... third, so should the /var/run references, because su is suid! it seems as if su is dropping root privileges way too soon! does anyone have any experience with this? martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck -- "i wish there was a knob on the tv to turn up the intelligence. there's a knob called 'brightness', but it doesn't seem to work." -- gallagher
Attachment:
pgpGFhRdQ2zzw.pgp
Description: PGP signature