[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
up201407890 at alunos.dcc.fc.up.pt
up201407890 at alunos.dcc.fc.up.pt
Mon Oct 3 19:58:23 UTC 2016
Quoting "Karel Zak" <kzak at redhat.com>:
Anyways, it is bad admin practice and/or an invasion of privacy to su
to an unprivileged user.
This has been talked alot in the past, in most of the times even
closed as "WONTFIX".
What I'm saying is, it's OK if you can't come up with something.
Better use 'su -c' in any case.
> On Mon, Oct 03, 2016 at 09:34:14PM +0200, Simon Ruderich wrote:
>> On Mon, Oct 03, 2016 at 09:22:50PM +0200,
>> up201407890 at alunos.dcc.fc.up.pt wrote:
>> > Loss of job control in the shell.
>>
>> I'm confused. I'm not talking about removing the controlling
>> terminal, but instead spawning a new session, opening a new pts
>> and connecting that to the program. This way the program has a
>> tty, job control works, but the tty is different and therefore
>> can't be controlled by the less-privileged account.
>
> Yes, I'm thinking about this way (as discussed on util-linux
> mailing list), but it's relatively complex.
>
> My plan is to try to implement it. We will see.
>
> Karel
>
> --
> Karel Zak <kzak at redhat.com>
> http://karelzak.blogspot.com
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the Pkg-shadow-devel
mailing list