Slackware-14.1 ChangeLog (2014-02-20)

Thu Feb 20 00:30:49 UTC 2014

  • patches/packages/shadow-
    Shadow 4.1.5 addressed a tty-hijacking vulnerability in “su -c”
    (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
    case via a TIOCNOTTY request. Bi-directional protection is excessive
    and breaks a commonly-used methods for privilege escalation on non-PAM
    systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
    This update relaxes the restriction and only detaches the controlling
    tty when the callee is not root (which is, after all, the threat vector).
    Thanks to mancha for the patch (and the above information).
  • news/2014/02/20/slackware-14.1-changelog.txt
  • Last modified: 7 years ago
  • by Giuseppe Di Terlizzi