On Mon, Mar 26, 2007 at 02:58:39PM -0300, Ben Armstrong wrote: > Package: menu > Version: 2.1.33 > Severity: normal > > I think su-to-root could use a bit more paranoia. For instance, sourcing the > ~/.su-to-rootrc, while not harmful in itself might be used in conjunction with > other bugs to in a local escalation of privileges. Also, PATH is set for > text mode, but not X11. Other points needing attention, from #debian-devel: > > - $IFS > - variable quoting > echo enter $PRIV passwd: > - i can add commands to $PRIV via the command line. > - use exec
Hello Ben, What is your attack model ? su-to-root is an unpriviledged shell script. I do not have #debian-devel log at hand. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large blue swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

