Date: Tue, 12 Jun 2018 13:17:43 +0300 From: Georgi Guninski <guninski@...inski.com> To: oss-security@...ts.openwall.com Subject: Are `su user' and/or `sudo -u user sh' considered dangerous? From https://j.ludost.net/blog/archives/2018/06/12/are_su_user_andor_sudo_-u_user_sh_considered_dangerous/index.html Per vague memory I discussed half of this with some linux crowd and they said "won't fix" long ago. `su user' and `sudo -u user sh' give the user the fd of root's tty and it is readable and writable. After closing the session, the user can keep it and on root's tty potentially do: 1. inject keypresses via ioctl() and/or 2. read the output of root's tty, probably with some analogue of tee(1). Is this really a concern? Any workarounds?
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ