[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
Karel Zak
kzak at redhat.com
Mon Oct 3 19:49:08 UTC 2016
On Mon, Oct 03, 2016 at 09:34:14PM +0200, Simon Ruderich wrote:
> On Mon, Oct 03, 2016 at 09:22:50PM +0200, up201407890 at alunos.dcc.fc.up.pt wrote:
> > Loss of job control in the shell.
>
> I'm confused. I'm not talking about removing the controlling
> terminal, but instead spawning a new session, opening a new pts
> and connecting that to the program. This way the program has a
> tty, job control works, but the tty is different and therefore
> can't be controlled by the less-privileged account.
Yes, I'm thinking about this way (as discussed on util-linux
mailing list), but it's relatively complex.
My plan is to try to implement it. We will see.
Karel
--
Karel Zak <kzak at redhat.com>
http://karelzak.blogspot.com
More information about the Pkg-shadow-devel
mailing list