Date: Fri, 15 Jun 2018 16:08:07 +0300 From: Georgi Guninski <guninski@...inski.com> To: oss-security@...ts.openwall.com Subject: Re: Are `su user' and/or `sudo -u user sh' considered dangerous? On Thu, Jun 14, 2018 at 08:12:59PM +0200, Jakub Wilk wrote: > Until su is fixed to allocate new pty, I recommend running it under a > standalone terminal emulator, such as screen or tmux. This has also an > advantage that it's possible to tell that the invoked program actually > terminated, instead of just pretending to terminate and faking root shell > UI. > Looks like util-linux currently supports pty's: http://man7.org/linux/man-pages/man1/su.1.html -P, --pty Create pseudo-terminal for the session. ... This feature is EXPERIMENTAL for now and may be removed in the next releases.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ