Amendments to pconsole fast-track [PSARC/2009/275 FastTrack timeout 05/08/2009]

[Norm Jacobs]

Casper.Dik at sun.com wrote:
>>> Norm,
>>>       
>>> 	4) Conclusion on privs/uids.
>>> 	   Nit: the exec_attr entry s/suser/solaris/
>>> 	   Is it really the euid that matters, or is it that euid=0 gives
>>> 	   privs=all?  I don't know how to answer the tiocsti question.
>>> 	   I'm not sure that's this case (though it would be nice if
>>> 	   the policy was revisited and this case dependent on that revisit),
>>> 	   but I'm not suggesting that be the a case requirement.
>>>
>>> 	Perhaps an offline email if I've not been clear.
>>>       
>> 	Talking to Nico off line about something else, he said he'd looked
>> 	some at tiocsti and felt it was a bug that you couldn't control
>> 	the tty/pty that you own.  I don't find TIOCSTI adequately
>> 	documented by Sun.  But google did it.  
>>     
>
> The reason behind this is the owner doesn't really tell everything.
>
> If a user has run su in one terminal, any other terminal can be used to
> control "su"; this includes any form of malware.  I wdon't want to change 
> it because it still allows privilege escalation.
>   
Not really.  If the user has escalated privilege in one of their shells 
and then they come along and use pconsole to attach to the tty that 
shell is running in, they can only hijack a tty that they already own.  
Since they already own it and they already have access to the shell with 
the escalated privilege, I don't really see that as an issue.  Perhaps 
you could give me the clue that helps me understand why they are getting 
to do something that they couldn't already do.

    -Norm