On Mon, Mar 26, 2007 at 02:58:39PM -0300, Ben Armstrong wrote:
> Package: menu
> Version: 2.1.33
> Severity: normal
> 
> I think su-to-root could use a bit more paranoia.  For instance, sourcing the
> ~/.su-to-rootrc, while not harmful in itself might be used in conjunction with
> other bugs to in a local escalation of privileges.  Also, PATH is set for
> text mode, but not X11.  Other points needing attention, from #debian-devel:
> 
> - $IFS
> - variable quoting
>   echo enter $PRIV passwd:
>   - i can add commands to $PRIV via the command line.
> - use exec

Hello Ben,

What is your attack model ? su-to-root is an unpriviledged shell script.
I do not have #debian-devel log at hand.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large blue swirl here. 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to