The oldest privesc: injecting careless administrators’ terminals using TTY push(errno.fr)
errno.fr
The oldest privesc: injecting careless administrators’ terminals using TTY push
https://www.errno.fr/TTYPushback.html
4 コメント
I have been wondering if there is a minimal and composable solution for creating a pseudoterminal, using just command-line tools in GNU Linux distros. bubblewrap has the --new-session flag, but it results in a terminal situation that is not really usable by programs like bash and emacs. It seems weird that the only way to truly prevent untrusted code from being able to exploit the terminal is to use su or sudo.
This attack also doesn't work if you `exec su lowpriv_user` since there is no parent shell.
Any links to bug tickets for su & sudo reporting the insecure default?
It's also been disabled in Android, apparently, so that would've also brought its unavailability to the attention of many Linux-specific open source projects. The concern, now, would presumably largely just be any proprietary Linux software floating around that makes use of it.