severity 663200 grave thanks On Fri, 10 May 2013, Tim Connors wrote:
> > I currently can't find any idea how to fix this issue. > > > > The security issue had to be solved by dropping the controlling > > terminal, so you cannot start a command that would interact with the > > current terminal. I don't have enough terminal handling skills to find > > other way to fix the security issue than by dropping the terminal. > > > > An option could be to keep the controlling terminal when su-ing to root. > > The issue would be less visible in sux (probably used mostly to gain > > root privileges), but even if the risk when su'ing to root is lower, it > > does not smell good. > > Is this just a security risk when suing from root to an unprivledged > account (eg, in init.d scripts), and that unprivledged account injects > keystrokes back into the root shell? If it's not a risk when trying to > get into the root account and running something with -c where you desire > there to be a tty, then maybe you could keep the tty in that situation. > > Or what about providing an extra flag (eg, -C) where the user explicitly > acknoledges that they're happy to take on the risk that you have a > controlling tty and are executing a command with it? Actually, the other thing you lose (I presuming caused by acting on bug #628843) is tty resizing by SIGWINCH. ttys are really useful, it turns out. I have shedloads of up-to-date security patched RHEL5/6 machines, and I've never come across this problem on them. Yep: rhel6> su -c -u root 'cat /dev/tty' Password: asdasda asdasda debian-wheezy> su -c -u root 'cat /dev/tty' Password: cat: /dev/tty: No such device or address Sorry, marking this bug as RC (pity I missed wheezy!), breaks other software. -- Tim Connors -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
