[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: su/sudo arbitrary character injection in keyboard buffer [Was: init scripts and su]



In article <20040731055734.GA27166@kontryhel.haltyr.dyndns.org>,
Jan Minar  <jjminar@fastmail.fm> wrote:
>I've filed bugs against su (package `login') & sudo.  I've made a simple
>proof-of-concept program (attached).  Despite of what has been said
>earlier, it can ioctl(0,TIOCSTI,&c), even after fork().

You cannot use TIOCSTI after fork() and setsid(). Unless you're
root, because root can do anything.

Mike.
-- 
The question is, what is a "manamanap".
The question is, who cares ?



Reply to: