Hello,

I think Ismaël has a point here:
> I'm bumping this bug to point out that the problem is not 100% fixed.
> Even though "su -c" is now safe, interactive "su" or "su -" are still at
> risk and this should probably be reflected here on the BTS.

I successfully used this on my up-to-date Squeeze system.

However, one can use the following workaround to avoid giving root access:

# exec su baduser

However this is still problematic:

niceguy$ su
root$ exec su badguy
badguy$ ./exploit.pl
=> the command is still launched by niceguy.

Not sure if a "good" solution exists...

Fabien C.