Re: Bug#274229: System accounts with valid shells

[Jakub Wilk <jwilk@debian.org>]

* Steve Langasek <vorlon@debian.org>, 2014-01-09, 08:50:
> > > I wonder whether noninteractive su to drop privileges from root to a 
> > > system account (in maintainer scripts, etc.) should be discouraged 
> > > altogether, in favour of something with argv rather than shell 
> > > semantics, like sudo/chrootuid? You can always get back from 
> > > argv-based to to shell-based semantics by using "sh -c '<command>'" 
> > > as the final arguments, if you really need shell command-line 
> > > parsing.
>
> > I've been using setuidgid from daemontools for this for years because 
> > su is much too heavy-weight and kept doing things I didn't want it to 
> > do.
>
> For a lightweight, PAM-less uid switcher in Debian's base system, you 
> probably want to use start-stop-daemon --chuid.

AFAICS neither setuidgid nor start-stop-daemon protects you from tty 
hijacking via TIOCSTI (see bug #628843).

--
Jakub Wilk