[Pkg-shadow-devel] Bug#628843: Bug#628843: Bug#628843: (forw) Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
Nicolas François
nicolas.francois at centraliens.net
Sat Jun 11 15:12:54 UTC 2011
Hello,
One more point to be reviewed.
shadow-utils supports also configurations where PAM is not used.
In that case, su does not fork to exec the interactive shell / command, so
I cannot use setsid().
In that case, I intend to use:
#include <termios.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int fd;
if ((fd = open ("/dev/tty", O_RDWR)) >= 0) {
ioctl (fd, TIOCNOTTY, (char *) 0);
close (fd);
}
I think this should be sufficient to protect the terminal (i.e.
re-attaching to it is not possible). This looks simpler than:
pid_t child = fork();
if (child == -1) {
...
} else if (child > 0) {
_exit(0);
}
setsid();
(In this version I would need again to handle the signals manually instead
of the _exit())
Also if the above ioctl is sufficient, is there a benefit from setsid()?
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list