[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pkg-shadow-devel
Subject:    [Pkg-shadow-devel] Bug#628843:  Bug#628843: use pty?
From:       Alexander Gattin <xrgtn () yandex ! ru>
Date:       2013-03-07 9:10:14
Message-ID: 20130307091014.GD7448 () localhost ! localdomain
[Download RAW message or body]


Hello,

On Wed, Mar 06, 2013 at 11:23:01AM -0600, Serge
Hallyn wrote:
> As mdeslaur has pointed out in irc, one solution
> would be to have interactive su use a new pty
> for the session.  Not trivial,

and not very portable too. The best pty handling
is done by Expect (Tcl/Expect) IMHO, but its code
looks too complex.

Probably, we should do the simplified pty for
selected platforms (GNU/Linux, FreeBSD) and try
not to break others (and leave them vulnerable
until someone cares much).

> Alternatively, we could simply update the su man
> page to recommend su only be used for increasing
> privilege (becoming root), and recommend other
> means for dropping privilege or switching users.

IMHO we should do both -- first update the su man
page (and leave it so for other platforms), then
implement pty workaround for Linux and BSD and
restore su manpage for Linux/BSD.

--=20
With best regards,
xrgtn

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]