Tue Jun 12 12:51:05 EEST 2018

Are `su user' and/or `sudo -u user sh' considered dangerous?

Are `su user' and/or `sudo -u user sh' considered dangerous?

Per vague memory I discussed half of this with some linux crowd and
they said "won't fix" long ago.

`su user' and `sudo -u user sh' give the user the fd of root's tty
and it is readable and writable. After closing the session, the
user can keep it and on root's tty potentially do:

1. inject keypresses via ioctl()
and/or
2. read the output of root's tty, probably with some analogue of
tee(1).

Is this really a concern?

Any workarounds?

Posted by sudo su - root | Permanent link
/\