[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: init scripts and su

Jan Minar wrote:
> Has anyone made any progress in solving the su/sudo/super TIOCSTI
> ioctl vulnerability?

Am I correct in thinking that the vulnerability occurs when the
admin runs "su foouser barcmd" from a shell *and* there is some
compromised program running as user foouser which waits for this
to happen and, when it does, injects characters into the admin's
terminal to cause arbitrary commands to be executed with root
Thomas Hood

Reply to: