Date: Wed, 17 Oct 2007 15:16:12 -0400 From: =?UTF-8?B?6Z+T5a625qiZIEJpbGwgSGFja2Vy?= <askbill@conducive.net> To: freebsd-current@freebsd.org Subject: Re: Broken su in current - trying to fix myself, help needed! Message-ID: <47165F7C.4090300@conducive.net> In-Reply-To: <20071017184105.GA76805@nagual.pp.ru> References: <00bd01c810ec$10371230$0c00a8c0@Artem> <20071017184105.GA76805@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Chernov wrote: > On Wed, Oct 17, 2007 at 10:32:16PM +0400, Artem Kuchin wrote: >> There are such like in the default: dection of switch >> >> child_pgrp = getpgid(child_pid); >> if (tcgetpgrp(STDERR_FILENO) == child_pgrp) >> tcsetpgrp(STDERR_FILENO, getpgrp()); >> >> >> The problem is here. >> getpgid(child_pid) simply fails with errno 3 (process doesn't exist) > > The question is: why getpgid() fails while process really exists (in > stopped state)? > Are we even chasing the correct animal here? Are the tests being run as root? If not, is the stalled state perhaps seen as a privilege-escalation issue? Or that the PID sought exists, but not as belonging to or permitted to be known to the current EUID:EGID? Or that the EUID:EGUID su'ed to simply has a different login shell invoked than that used by the caller's UID or the script? IOW - not seeing a lesser-than root:wheel user being su'ed to, and not seeing a pwd requested and responded to that root:wheel should ask for unless the caller is *already* root:wheel, is there actually something 'broken' in su - or has security simply been made more rigourous between 6.X and 7.X? Bill
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47165F7C.4090300>