Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Jun 2018 13:17:43 +0300
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Are `su user' and/or `sudo -u user sh' considered dangerous?

 From
https://j.ludost.net/blog/archives/2018/06/12/are_su_user_andor_sudo_-u_user_sh_considered_dangerous/index.html

Per vague memory I discussed half of this with some linux crowd and
they said "won't fix" long ago.

`su user' and `sudo -u user sh' give the user the fd of root's tty
and it is readable and writable. After closing the session, the
user can keep it and on root's tty potentially do:

1. inject keypresses via ioctl()
and/or
2. read the output of root's tty, probably with some analogue of
tee(1).

Is this really a concern?

Any workarounds?

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.