Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]

To: debian-devel@lists.debian.org
Subject: Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
From: Andrew Pimlott <andrew@pimlott.net>
Date: Sat, 31 Jul 2004 17:01:59 -0400
Message-id: <[🔎] 20040731210159.GA28557@pimlott.net>
Mail-followup-to: Andrew Pimlott <andrew@pimlott.net>, debian-devel@lists.debian.org
In-reply-to: <[🔎] ceg9m3$gdk$2@news.cistron.nl>
References: <[🔎] 200407261453.56729.russell@coker.com.au> <[🔎] 20040731055734.GA27166@kontryhel.haltyr.dyndns.org> <[🔎] ceg9m3$gdk$2@news.cistron.nl>

On Sat, Jul 31, 2004 at 02:17:39PM +0000, Miquel van Smoorenburg wrote:
> You cannot use TIOCSTI after fork() and setsid(). Unless you're
> root, because root can do anything.

Aren't read/write serious enough to be a significant vulnerability?

Andrew

Reply to:

References:
- init scripts and su
  - From: Russell Coker <russell@coker.com.au>
- su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
  - From: Jan Minar <jjminar@fastmail.fm>
- Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
  - From: "Miquel van Smoorenburg" <miquels@cistron.nl>

Prev by Date: Depending on another package's source
Next by Date: Re: Depending on another package's source
Previous by thread: Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
Next by thread: libtiff4 packages available
Index(es):
- Date
- Thread