For the curious, on SuSE 6.2 (PAM 0.68):

keith@develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
Mailbox backups linux public_html scripts tmp
keith@develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
su: incorrect password
keith@develop[pts/11]:~/work/dev$

Always asks for password regardless of pipe. Anything passed to su via pipe
is used as if it's an arg to -c option.

----- Original Message -----
From: "Markus Dobel" <mat_private>
To: <BUGTRAQat_private>
Sent: 01 February 2000, Tuesday 14:24
Subject: Re: RedHat 6.1 /and others/ PAM

| Simple Nomad wrote:
| >
| > Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
| > "standard in must be a tty..." therefore the sploit would stop on the
| > first word in the list as if it was the correct password. Therefore I fail
| > to see the exact sploit here. I tried this on a stock RH 6.1 machine.
|
| this happens on a redhat 5.2:
|
| [markus@balu markus]$ echo wrongpass | su -
| Password: su: incorrect password
| [markus@balu markus]$ echo rootpass | su -
| Password: stdin: is not a tty
|
| so there is a noticeable difference between the right password and the
| wrong ones.
|
| this is what redhat 6.1 tells me:
|
| [md@serv md]$ echo wrongpass | su -
| standard in must be a tty
| [md@serv md]$ echo rightpass | su -
| standard in must be a tty
|
| seems like they fixed it.
|
| regards, markus
|