Hello, On Wed, Mar 06, 2013 at 11:23:01AM -0600, Serge Hallyn wrote: > As mdeslaur has pointed out in irc, one solution > would be to have interactive su use a new pty > for the session. Not trivial,
and not very portable too. The best pty handling is done by Expect (Tcl/Expect) IMHO, but its code looks too complex. Probably, we should do the simplified pty for selected platforms (GNU/Linux, FreeBSD) and try not to break others (and leave them vulnerable until someone cares much). > Alternatively, we could simply update the su man > page to recommend su only be used for increasing > privilege (becoming root), and recommend other > means for dropping privilege or switching users. IMHO we should do both -- first update the su man page (and leave it so for other platforms), then implement pty workaround for Linux and BSD and restore su manpage for Linux/BSD. -- With best regards, xrgtn
signature.asc
Description: Digital signature
