oss-sec mailing list archives

Are `su user' and/or `sudo -u user sh' considered dangerous?


From: Georgi Guninski <guninski () guninski com>
Date: Tue, 12 Jun 2018 13:17:43 +0300

 From
https://j.ludost.net/blog/archives/2018/06/12/are_su_user_andor_sudo_-u_user_sh_considered_dangerous/index.html

Per vague memory I discussed half of this with some linux crowd and
they said "won't fix" long ago.

`su user' and `sudo -u user sh' give the user the fd of root's tty
and it is readable and writable. After closing the session, the
user can keep it and on root's tty potentially do:

1. inject keypresses via ioctl()
and/or
2. read the output of root's tty, probably with some analogue of
tee(1).

Is this really a concern?

Any workarounds?
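
A defensive check for the situation described in the post, added here as an example and not part of the original message: it walks `/proc` and reports non-root processes that still hold an open descriptor on a terminal owned by a different UID. The function names and the `proc_root` and `tty_owner` parameters are assumptions made for this example.

```python
import os
import re

# Numbered terminals only: /dev/pts/3, /dev/tty1, /dev/ttyS0. The /dev/tty and
# ptmx aliases are root-owned by design and would be false positives.
TTY_RE = re.compile(r"/dev/(pts/\d+|tty[A-Za-z]*\d+)")

def _real_uid(status_path):
    # The first value after "Uid:" in /proc/<pid>/status is the real UID.
    with open(status_path) as fh:
        for line in fh:
            if line.startswith("Uid:"):
                return int(line.split()[1])
    return None

def _stat_owner(path):
    return os.stat(path).st_uid

def foreign_tty_holders(proc_root="/proc", tty_owner=_stat_owner):
    """List (pid, uid, fd, tty, owner_uid) for non-root processes that hold
    an open fd on a terminal owned by a different UID."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            uid = _real_uid(os.path.join(base, "status"))
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:
            continue  # process exited, or not permitted to inspect it
        if uid is None or uid == 0:
            continue  # root can open any terminal anyway
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
                if not TTY_RE.fullmatch(target):
                    continue
                owner = tty_owner(target)
            except OSError:
                continue
            if owner != uid:
                hits.append((int(entry), uid, int(fd), target, owner))
    return sorted(hits)

if __name__ == "__main__":
    for pid, uid, fd, tty, owner in foreign_tty_holders():
        print(f"pid {pid} (uid {uid}) holds fd {fd} on {tty} (owner uid {owner})")
```

Run it as root so that other users' `/proc/<pid>/fd` directories are readable; a hit that remains after the `su` or `sudo` session has ended is the lingering descriptor the post describes.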

