Re: init scripts and su
On Wed, Jul 28, 2004 at 04:56:20PM +1000, Russell Coker wrote:
> On Tue, 27 Jul 2004 07:48, Andrew Pimlott <firstname.lastname@example.org> wrote:
> > If this is a real problem (which it sounds like), it's not specific to
> > init scripts. Shouldn't it be fixed in su?
> Ideally yes. But that involves proxying all operations on the pseudo-tty
> which is quite a difficult task.
Ok, I don't know enough about how terminals work. I thought from your
description that there was some way to protect the terminal from the
child by creating a new session or something.
But if su is really as unsafe as you say, maybe the pseudo-tty is the
right answer. I verified that if I "su - andrew bash" as root, then
andrew can write to root's terminal, even after bash exits (just hold
the fd open). I don't know how to go further, but from what you say I
believe it's possible. Sounds scary.