su refactoring and --pty implementation

 In the last releases we have ignored the TIOCSTI su(1) issue. The issue is
 that an (unprivileged) bad user can inject commands into the privileged
 terminal. For more details see tests/helpers/test_tiocsti.c.

 The easy way to fix this issue is the setsid() syscall; unfortunately
 it's a bad idea in some cases (for example if you want to run the su(1)
 session in the background).
 
 And setsid() fixes the TIOCSTI issue only. The core of the problem is
 that we share terminal file descriptors between privileged and
 unprivileged sessions.
 
 The real solution seems to be to create an independent pseudo-terminal
 for the whole session and proxy (copy) stdin and stdout between the
 original terminal and the su(1) session terminal.

 I have created two branches:

 * su-refact: https://github.com/karelzak/util-linux/tree/su-refact
              https://github.com/karelzak/util-linux/commits/su-refact

   This branch does NOT introduce any change or a new feature to
   su(1). All the changes are about refactoring to make later feature
   improvements more easy to implement.

 * su-pty: https://github.com/karelzak/util-linux/tree/su-pty
           https://github.com/karelzak/util-linux/commits/su-refact

   This branch implements a new --pty command line option and it's
   based on su-refact. The new feature is marked as experimental and
   not enabled by default. It means all the current use-cases (scripts,
   ...) should not be affected by the new feature.


 I'd like to ask for review; the number of patches is large, so it's
 probably better to use GitHub. Please ;-)

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
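As an added illustration (not code from the su-refact or su-pty branches), this minimal C sketch shows the mechanism the message describes: the child is started on its own pseudo-terminal in a new session, and the parent copies its output back, so the privileged session never shares the caller's terminal descriptors and a TIOCSTI issued inside it can only reach its own input queue. It uses the POSIX posix_openpt(3) family rather than forkpty(3) so it needs no libutil; the function names are hypothetical, and only the output direction is proxied (a real implementation forwards stdin the same way).

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>
/* Run argv on a freshly allocated pseudo-terminal in its own session and copy
 * what it writes into 'out'. The child holds fds of the new pty only, never the
 * caller's terminal, so any TIOCSTI it issues lands in its own input queue.
 * Returns 1 if the child ran and output was captured, -1 if no pty is available. */
static int run_on_private_pty(char *const argv[], char *out, size_t outlen)
{
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0 || grantpt(master) < 0 || unlockpt(master) < 0) return -1;
    char *slave_name = ptsname(master);      /* path of the slave side */
    if (!slave_name) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: own session, own tty */
        setsid();
        int slave = open(slave_name, O_RDWR);
        if (slave < 0) _exit(127);
        ioctl(slave, TIOCSCTTY, 0);          /* make the new pty controlling */
        dup2(slave, 0); dup2(slave, 1); dup2(slave, 2);
        if (slave > 2) close(slave);
        close(master);
        execv(argv[0], argv);
        _exit(127);
    }
    /* parent: copy output from the master until the slave side closes (read
     * then fails with EIO). A full proxy would also forward stdin the same way. */
    size_t used = 0;
    ssize_t n;
    while (used < outlen - 1 && (n = read(master, out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(master);
    waitpid(pid, NULL, 0);
    return 1;
}
/* Self-check: 1 = echo output seen on the private pty, 0 = missing, -1 = no pty */
int demo(void)
{
    char buf[256];
    char *argv[] = { "/bin/echo", "hello", NULL };   /* constructed sample command */
    int rc = run_on_private_pty(argv, buf, sizeof buf);
    return rc < 0 ? -1 : (strstr(buf, "hello") != NULL);
}
```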