Amendments to pconsole fast-track [PSARC/2009/275 FastTrack timeout 05/08/2009]
Casper.Dik at sun.com
Thu May 7 01:13:58 PDT 2009
>> Norm,
>
>> 4) Conclusion on privs/uids.
>> Nit: the exec_attr entry s/suser/solaris/
>> Is it really the euid that matters, or is it that euid=0 gives
>> privs=all? I don't know how to answer the tiocsti question.
>> I'm not sure that's this case (though it would be nice if
>> the policy was revisited and this case dependent on that revisit),
>> but I'm not suggesting that be a case requirement.
>>
>> Perhaps an offline email if I've not been clear.
>
> Talking to Nico off line about something else, he said he'd looked
> some at tiocsti and felt it was a bug that you couldn't control
> the tty/pty that you own. I don't find TIOCSTI adequately
> documented by Sun. But google did it.
The reason behind this is the owner doesn't really tell everything.
If a user has run su in one terminal, any other terminal can be used to
control "su"; this includes any form of malware. I don't want to change
it because it still allows privilege escalation.
Casper