[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: init scripts and su

On Wed, Jul 28, 2004 at 04:56:20PM +1000, Russell Coker wrote:
> On Tue, 27 Jul 2004 07:48, Andrew Pimlott <andrew@pimlott.net> wrote:
> > If this is a real problem (which it sounds like), it's not specific to
> > init scripts.  Shouldn't it be fixed in su?
> Ideally yes.  But that involves proxying all operations on the pseudo-tty 
> which is quite a difficult task.

Ok, I don't know enough about how terminals work.  I thought from your
description that there was some way to protect the terminal from the
child by creating a new session or something.

But if su is really as unsafe as you say, maybe the pseudo-tty is the
right answer.  I verified that if I "su - andrew bash" as root, then
andrew can write to root's terminal, even after bash exits (just hold
the fd open).  I don't know how to go further, but from what you say I
believe it's possible.  Sounds scary.


Reply to: