Re: "su -" and "su" - what is the real difference?
Florent Rougon <f.rougon@free.fr> writes:
> Florent Rougon <f.rougon@free.fr> wrote:
>
>> Is it possible for a malicious su wrapper to:
>>
>> 1. record root's password (of course, yes);
>>
>> 2. *and then* feed this password to the real "su".
>>
>> I suspect the real "su" empties the stdin buffer (or something like
>> that) to avoid such attacks, but would be glad to hear a confirmation
>> from people who know better.
>
> OK, answering my own question. su has the following code:
>
> if (isatty (0) && (cp = ttyname (0))) {
For this to succeed the stdin must be a terminal. But nothing stops
you from using a pseudo terminal (pty).
MfG
Goswin
Reply to: