Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Jun 2018 13:38:36 +0200
From: Jakub Wilk <>
Subject: Re: Are `su user' and/or `sudo -u user sh' considered

* Georgi Guninski <>, 2018-06-12, 13:17:
>Per vague memory I discussed half of this with some linux crowd and 
>they said "won't fix" long ago.
>`su user' and `sudo -u user sh' give the user the fd of root's tty and 
>it is readable and writable. After closing the session, the user can 
>keep it and on root's tty potentially do:
>1. inject keypresses via ioctl()
>2. read the output of root's tty, probably with some analogue of 
>Is this really a concern?

This class of vulnerabilities has been known since at least 2005: (CVE-2005-4890)

It was last discussed on oss-security in 2017:

>Any workarounds?

For sudo, there's the "use_pty" flag. (It's not enabled by default.)

Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ