[Pkg-shadow-devel] Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl

Simon Ruderich simon at ruderich.org
Mon Oct 3 22:27:02 UTC 2016


On Mon, Oct 03, 2016 at 11:07:59PM +0200, up201407890 at alunos.dcc.fc.up.pt wrote:
> It's an invasion of privacy, as I said, for normal users.

Sure, but that's not my use case.

> In your case, if you're changing to an unprivileged user without a shell nor
> password, probably some sort of "locked" account, how is an attacker going
> to make use of TIOCSTI to exploit your system? (Assuming you're not going to
> run untrusted applications).
>
> Now imagine that that locked user got compromised. Changing to a compromised
> user IS and will ALWAYS be bad practice. So, if you don't know if the user
> is compromised or not, don't log into that account, as simple as that. All
> sorts of bad things can happen.

I see your point.

But there's always a trade-off between security and usability.
And logging in as a (possibly compromised) user makes working
with user separation much easier and should still be as secure as
possible (that's why I want to fix su and sudo). I know an
attacker could exploit my terminal emulator when I log in, but
it's better than no isolation at all IMHO.

Anyway, this is off-topic, so let's take this off-list if you
want to discuss it further.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20161004/40bb3d61/attachment.sig>


More information about the Pkg-shadow-devel mailing list