oss-sec mailing list archives

Re: TTY handling when executing code in different lower-privileged context (su, virt containers)


From: David Black <disclosure () d1b org>
Date: Wed, 7 Nov 2012 00:37:25 +1100

> In both cases, paranoid administrators might decide to use /dev/null
> as stdin/stdout/stderr when just starting non-interactive programs in
> different context, while they could replace the privileged shell with
> exec when interactive context switch is needed (no shell, no escalation).
>
> Any opinions on that?



Perhaps if sudo/su determine if a user is running 'interactively' they
could use a pseudo-pty?
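
The /dev/null approach for non-interactive programs described in the first paragraph above, as an added example that is not part of the original thread and is not sudo/su code. The helper name `run_detached` and the exit codes 126/127 are assumptions; besides redirecting stdin/stdout/stderr it also starts a new session and closes other inherited descriptors, so the child keeps no handle on the caller's terminal.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv as uid/gid with no access to the caller's
 * terminal. Returns the child's exit status, or -1 on failure. */
int run_detached(uid_t uid, gid_t gid, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* New session: the child has no controlling terminal. */
        if (setsid() < 0)
            _exit(126);
        /* Replace stdin/stdout/stderr with /dev/null. */
        int nullfd = open("/dev/null", O_RDWR);
        if (nullfd < 0)
            _exit(126);
        for (int fd = 0; fd <= 2; fd++)
            if (dup2(nullfd, fd) < 0)
                _exit(126);
        /* Close other inherited descriptors (they may refer to the TTY).
         * Assumption: the scan is capped at 65536 to bound the loop. */
        long maxfd = sysconf(_SC_OPEN_MAX);
        if (maxfd < 0 || maxfd > 65536)
            maxfd = 65536;
        for (int fd = 3; fd < maxfd; fd++)
            close(fd);
        /* Switch identity if requested: groups, then gid, then uid.
         * Any failure aborts before the target program is started. */
        if ((uid != geteuid() || gid != getegid()) &&
            (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0))
            _exit(126);
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

This covers only the non-interactive case; an interactive switch needs either the exec replacement or a separate pseudo-terminal, as the two messages suggest.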

