Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]

To: debian-devel@lists.debian.org
Subject: Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
From: "Miquel van Smoorenburg" <miquels@cistron.nl>
Date: Sat, 31 Jul 2004 14:17:39 +0000 (UTC)
Message-id: <[🔎] ceg9m3$gdk$2@news.cistron.nl>
References: <[🔎] 200407261453.56729.russell@coker.com.au> <[🔎] 20040731055734.GA27166@kontryhel.haltyr.dyndns.org>

In article <[🔎] 20040731055734.GA27166@kontryhel.haltyr.dyndns.org>,
Jan Minar  <jjminar@fastmail.fm> wrote:
>I've filed bugs against su (package `login') & sudo.  I've made a simple
>proof-of-concept program (attached).  Despite of what has been said
>earlier, it can ioctl(0,TIOCSTI,&c), even after fork().

You cannot use TIOCSTI after fork() and setsid(). Unless you're
root, because root can do anything.

Mike.
-- 
The question is, what is a "manamanap".
The question is, who cares ?

Reply to:

Follow-Ups:
- Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
  - From: Andrew Pimlott <andrew@pimlott.net>

References:
- init scripts and su
  - From: Russell Coker <russell@coker.com.au>
- su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
  - From: Jan Minar <jjminar@fastmail.fm>

Prev by Date: Re: Adding a "feedback" features to the BTS
Next by Date: Bug#262552: ITP: ruby-amazon -- a Ruby library for programmatic access to the Amazon website
Previous by thread: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
Next by thread: Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]
Index(es):
- Date
- Thread