[Bug 913029] Re: su segfaults when Ctrl-D is entered as the first charachter in response to the password prompt

Jon Brase 913029 at bugs.launchpad.net
Sat Jan 7 06:38:38 UTC 2012 

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/913029

Title:
  su segfaults when Ctrl-D is entered as the first charachter in
  response to the password prompt

Status in “shadow” package in Ubuntu:
  New

Bug description:
  64 bit Ubuntu 10.04.3 LTS
  login version 1:4.1.4.2-1ubuntu2.2

  Steps to reproduce:

  1. Invoke su. (What options and username are given, if any, doesn't seem to matter).
  2. When prompted for a password, hit Ctrl-D without typing any other characters first.

  Expected results:

  su should handle Ctrl-D however it was designed to handle it without
  segfaulting.

  I had accidentally invoked su and subconsciously  expected su to treat
  Ctrl-D as end of input and terminate (as cat or a shell would).

  Actual results:

  su terminates with a segfault.

  -----------------------------------------------------------------

  I am not sure whether to check the "This bug is a security
  vulnerability box". I will leave it unchecked as I'm uncertain what
  the criteria are for classifying a bug as a security vulnerability and
  as I have not observed this bug to allow a privileged login without a
  password, but it seems that a segfault in a program that deals with
  passwords, especially while handling passwords, is at least a
  potential vulnerability.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: login 1:4.1.4.2-1ubuntu2.2
  ProcVersionSignature: Ubuntu 2.6.32-25.44-generic 2.6.32.21+drm33.7
  Uname: Linux 2.6.32.41+drm33.18-jwb x86_64
  NonfreeKernelModules: nvidia
  Architecture: amd64
  Date: Fri Jan  6 23:49:12 2012
  ProcEnviron:
   LANGUAGE=en_US:en
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/zsh
  SourcePackage: shadow

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/913029/+subscriptions

More information about the foundations-bugs mailing list