Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jun 2018 12:54:54 +0300
From: Georgi Guninski <>
Subject: Re: Are `su user' and/or `sudo -u user sh' considered

On Wed, Jun 13, 2018 at 10:40:43AM +0300, Georgi Guninski wrote:
> Is there POC for relatively new distros?

debian 8 and 9 are vulnerable to su - hostile:

what about the second potential vulnerability: reading root's tty after
the session is closed with something like tee(1) ?

several sources suggest disabling TIOCSTI or using setsid(), are they

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ