[Pkg-shadow-devel] TTY handling in su when executing code in lower-privileged context

Alexander Gattin xrgtn at yandex.ru
Tue Nov 13 08:15:28 UTC 2012


Hello,

On Mon, Nov 12, 2012 at 08:48:44PM +0000, halfdog
wrote:
> Alexander Gattin wrote:
> > We could try to implement ptm/pts approach,
> > but I doubt it would be terribly portable,
> > given all the problems Don Libes faced with
> > Expect....
> 
> I've head that SuSE has some kind of patch, see
> the discussion on oss-security.

Didn't find that one yet,

> Also the "screen" utility seems to work quite
> well, perhaps some code could be reused or
> shared (lib-subpty?)

Both Expect and screen are quite portable (I have
built them on HP-UX PA-RISC and Itanic machines
BTW), but correct implementation requires a lot of
autoconf etc. I looked into sudo source code and
I'm not sure it would be easy to extract relevant
code into lib-subpty (same true for screen and
Expect). Nevertheless we should try to do this,
IMHO, for Debian GNU/Linux and GNU/kFreeBSD at
least.

-- 
With best regards,
xrgtn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20121113/037b1cd9/attachment.pgp>


More information about the Pkg-shadow-devel mailing list