Home page logo

oss-sec logo oss-sec mailing list archives

Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
From: David Black <disclosure () d1b org>
Date: Wed, 7 Nov 2012 00:37:25 +1100

In both cases, paranoid administrators might decide to use /dev/null
as stdin/stdout/stderr when just starting non-interactive programs in
different context, while they could replace the privileged shell with
exec when interactive context switch is needed (no shell, no escalation).

Any opinions on that?

Perhaps if sudo/su determine if a user is running 'interactively' they
could use a pseudo-pty ?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]