'Re: [oss-security] Are `su user' and/or `sudo -u user sh' considered dangerous?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Are `su user' and/or `sudo -u user sh' considered dangerous?
From:       Georgi Guninski <guninski () guninski ! com>
Date:       2018-06-15 13:08:07
Message-ID: 20180615130807.GB1898 () sivokote ! iziade ! m$
[Download RAW message or body]

On Thu, Jun 14, 2018 at 08:12:59PM +0200, Jakub Wilk wrote:
> Until su is fixed to allocate new pty, I recommend running it under a
> standalone terminal emulator, such as screen or tmux. This has also an
> advantage that it's possible to tell that the invoked program actually
> terminated, instead of just pretending to terminate and faking root shell
> UI.
>
Looks like util-linux currently supports pty's:
http://man7.org/linux/man-pages/man1/su.1.html
-P, --pty
              Create pseudo-terminal for the session.
...
This feature is EXPERIMENTAL for now and may be removed in the
              next releases.
 
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic