[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "su -" and "su" - what is the real difference?

Florent Rougon <f.rougon@free.fr> writes:

> Florent Rougon <f.rougon@free.fr> wrote:
>> Is it possible for a malicious su wrapper to:
>>   1. record root's password (of course, yes);
>>   2. *and then* feed this password to the real "su".
>> I suspect the real "su" empties the stdin buffer (or something like
>> that) to avoid such attacks, but would be glad to hear a confirmation
>> from people who know better.
> OK, answering my own question. su has the following code:
>     if (isatty (0) && (cp = ttyname (0))) {

For this to succeed the stdin must be a terminal. But nothing stops
you from using a pseudo terminal (pty).


Reply to: