Amendments to pconsole fast-track [PSARC/2009/275 FastTrack timeout 05/08/2009]

Casper.Dik at sun.com Casper.Dik at sun.com
Thu May 7 08:30:50 PDT 2009



>> If a user has run su in one terminal, any other terminal can be used to
>> control "su"; this includes any form of malware.  I don't want to change
>> it because it still allows privilege escalation.
>>   
>Not really.  If the user has escalated privilege in one of their shells 
>and then they come along and use pconsole to attach to the tty that 
>shell is running in, they can only hijack a tty that they already own.  
>Since they already own it and they already have access to the shell with 
>the escalated privilege, I don't really see that as an issue.  Perhaps 
>you could give me the clue that helps me understand why they are getting 
>to do something that they couldn't already do.


But firefox can do that also (and acroread, and flash, etc).

That's what the problem is.  Not the action done by the user but what 
other software can do when running as you.

Casper



