Bugtraq mailing list archives
Re: RedHat 6.1 /and others/ PAM
From: keith () HAGGLEWARE COM (Keith Warno)
Date: Wed, 2 Feb 2000 15:30:19 -0500
For the curious, on SuSE 6.2 (PAM 0.68):

keith@develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
Mailbox backups linux public_html scripts tmp
keith@develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
su: incorrect password
keith@develop[pts/11]:~/work/dev$

Always asks for password regardless of pipe. Anything passed to su via pipe is used as if it's an arg to -c option.

----- Original Message -----
From: "Markus Dobel" <m () RKUS DOBEL DE>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: 01 February 2000, Tuesday 14:24
Subject: Re: RedHat 6.1 /and others/ PAM

| Simple Nomad wrote:
| >
| > Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
| > "standard in must be a tty..." therefore the sploit would stop on the
| > first word in the list as if it was the correct password. Therefore I fail
| > to see the exact sploit here. I tried this on a stock RH 6.1 machine.
|
| this happens on a redhat 5.2:
|
| [markus@balu markus]$ echo wrongpass | su -
| Password: su: incorrect password
| [markus@balu markus]$ echo rootpass | su -
| Password: stdin: is not a tty
|
| so there is a noticeable difference between the right password and the
| wrong ones.
|
| this is what redhat 6.1 tells me:
|
| [md@serv md]$ echo wrongpass | su -
| standard in must be a tty
| [md@serv md]$ echo rightpass | su -
| standard in must be a tty
|
| seems like they fixed it.
|
| regards, markus
|
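
Added example, not part of either post and not su or PAM source code: a small C model of the two response orderings visible in the quoted Red Hat 5.2 and 6.1 transcripts, showing why refusing a non-tty stdin before the password is examined removes the difference between right and wrong guesses. The function names and the constructed password "rightpass" are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for the real credential check (PAM in the thread). */
static int password_ok(const char *supplied) {
    return strcmp(supplied, "rightpass") == 0;
}

/* Models the output ordering in the Red Hat 5.2 transcript: the piped
 * password is verified first, and the tty complaint shows up only after
 * a successful check. */
static const char *respond_auth_first(int stdin_is_tty, const char *pw) {
    if (!password_ok(pw))
        return "su: incorrect password";
    if (!stdin_is_tty)
        return "stdin: is not a tty";
    return "ok";
}

/* Models the output ordering in the Red Hat 6.1 transcript: a non-tty
 * stdin is refused before any credential is examined. */
static const char *respond_tty_first(int stdin_is_tty, const char *pw) {
    if (!stdin_is_tty)
        return "standard in must be a tty";
    return password_ok(pw) ? "ok" : "su: incorrect password";
}

/* Returns 1 if the responses to a right and a wrong password differ
 * when stdin is a pipe (stdin_is_tty == 0), i.e. the output is an oracle. */
static int distinguishes_when_piped(const char *(*respond)(int, const char *)) {
    return strcmp(respond(0, "rightpass"), respond(0, "wrongpass")) != 0;
}

int main(void) {
    /* isatty() is the check a program uses to tell a terminal from a pipe. */
    int tty = isatty(STDIN_FILENO);
    printf("stdin is %sa tty\n", tty ? "" : "not ");
    printf("auth-first distinguishes piped guesses: %d\n",
           distinguishes_when_piped(respond_auth_first));
    printf("tty-first distinguishes piped guesses:  %d\n",
           distinguishes_when_piped(respond_tty_first));
    return 0;
}
```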