[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
Simon Ruderich
simon at ruderich.org
Mon Oct 3 20:25:54 UTC 2016
On Mon, Oct 03, 2016 at 09:49:08PM +0200, Karel Zak wrote:
> Yes, I'm thinking about this way (as discussed on util-linux
> mailing list), but it's relatively complex.
I have a working solution here. It's a standalone program and not
very well tested, but works fine for me. Just tell me if you want
to get the source. (Disclaimer: I'm no terminal expert, so be
careful with trusting it too much.)
This bug also has some patches which implement exactly that and
may just need a little refinement.
Regards
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20161003/8a99bcc8/attachment-0001.sig>
More information about the Pkg-shadow-devel
mailing list