mailing list archives
Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
From: David Black <disclosure () d1b org>
Date: Wed, 7 Nov 2012 00:37:25 +1100
In both cases, paranoid administrators might decide to use /dev/null
as stdin/stdout/stderr when just starting non-interactive programs in
different context, while they could replace the privileged shell with
exec when interactive context switch is needed (no shell, no escalation).
Any opinions on that?
Perhaps if sudo/su determine if a user is running 'interactively' they
could use a pseudo-pty ?