There appears to be a small bug in su. By definition, the -s or --shell
switch should run SHELL, only if it's permitted by /etc/shells (as stated
by the man page and by running 'su --help'). It appears that su never
attempts to actually verify the shell in /etc/shells, and will happily run
any command (similar to -c).
This is really a nit-pick, but it does go against the documentation. See
below for a possible fix.
---------
Example:
<william>/home/spc% file /usr/bin/uptime
/usr/bin/uptime: ELF 32-bit LSB executable, Intel 80386, version 1,
dynamically linked (uses shared libs), stripped
<william>/home/spc% cat /etc/shells
/bin/bash
/bin/sh
/bin/ash
/bin/bsh
/bin/bash2
/bin/tcsh
/bin/csh
<william>/home/spc% su - -s /usr/bin/uptime
Password:
3:08pm up 8 days, 12 min, 14 users, load average: 0.03, 0.15, 0.09
<william>/home/spc% whoami
spc
---------
I recommend the following change to the program.
564a565,570
>
> if(shell !=0 && getuid() && restricted_shell(shell))
> {
> error(0, 0, _("Shell %s is not valid"), shell);
> shell=DEFAULT_SHELL;
> }
For reference, I'm running RedHat 6.2 on a Pentium II 400 MHz system. I
am using the pristine source from the link below as my reference.
ftp://ftp.gnu.org/gnu/sh-utils/sh-utils-2.0.tar.gz
Please let me know if you have any questions or if there is anything else
I can do. Would this be appropriate to post to BugTraq?
Thank you,
Stanton Champion
[EMAIL PROTECTED]
