On Thu, Jun 02, 2011 at 07:34:59AM +0200, Christian PERRIER wrote:
> My expertise is, as you may expect, way outreached. So, in short, what
> I need is someone with enough expertise to look at this bug report and
> help deciding if adopting Redhat's patch is correct (assuming it
> applies: I'm not sure that RH is using the same "su" than we do).

Ok, to give more context to the fix applied by RedHat.

What they did was use setsid() to start a new session and remove the controlling terminal from the running command. This removes from the child process the ability to open "/dev/tty", which is how the hijacking works. But doing only that is complicated because the translation of Ctrl+C to SIGINT depends on controlling the tty, so you wouldn't be able to stop the process easily. What they did was simply to add SIGINT to the signal mask that causes the su to exit the waitpid loop.

The thing I don't like about RedHat's patch is that it turns a SIGINT on su into a SIGTERM to the process; it would be better to send the same signal received. I don't have the time to do it right now, but I can take a shot at writing a patch that keeps the signal interaction sane, which is not the case in RedHat.

daniel
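Added illustration, not part of the original message and not RedHat's or Debian's patch: a small C program showing the two behaviours discussed above, a child that calls setsid() and can no longer open /dev/tty, and a parent that relays the same signal it received instead of SIGTERM. The function names child_loses_tty and relay_same_signal are hypothetical, and raise() is a constructed stand-in for Ctrl+C arriving at the parent.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t caught;          /* last signal seen by the parent */
static void on_signal(int signo) { caught = signo; }

/* Returns 1 if a child that called setsid() can no longer open /dev/tty. */
int child_loses_tty(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setsid() < 0) _exit(2);           /* new session: no controlling tty */
        _exit(open("/dev/tty", O_RDWR) < 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Parent catches signo and relays that same signal (not SIGTERM) to the
 * detached child. Returns the signal that terminated the child, or -1. */
int relay_same_signal(int signo) {
    struct sigaction sa = { .sa_handler = on_signal };
    struct sigaction dfl = { .sa_handler = SIG_DFL };
    int status;
    sigaction(signo, &dfl, NULL);             /* child inherits the default action */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        setsid();                             /* terminal Ctrl+C no longer reaches us */
        for (;;) pause();
    }
    sigaction(signo, &sa, NULL);              /* no SA_RESTART: waitpid sees EINTR */
    raise(signo);                             /* constructed stand-in for Ctrl+C */
    if (!caught) { kill(pid, SIGKILL); waitpid(pid, &status, 0); return -1; }
    for (;;) {
        if (caught) { kill(pid, caught); caught = 0; }   /* relay what we got */
        if (waitpid(pid, &status, 0) == pid) break;
        if (errno != EINTR) return -1;
    }
    sigaction(signo, &dfl, NULL);
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void) {
    return !(child_loses_tty() == 1 && relay_same_signal(SIGINT) == SIGINT);
}
```

The child's wait status then reports the signal the parent actually received, so a caller can tell an interrupt from a termination request.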