Hello, One more point to be reviewed.
shadow-utils supports also configurations where PAM is not used. In that case, su does not fork to exec the interactive shell / command, so I cannot use setsid(). In that case, I intend to use: #include <termios.h> #include <sys/ioctl.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> int fd; if ((fd = open ("/dev/tty", O_RDWR)) >= 0) { ioctl (fd, TIOCNOTTY, (char *) 0); close (fd); } I think this should be sufficient to protect the terminal (i.e. re-attaching to it is not possible). This looks simpler than: pid_t child = fork(); if (child == -1) { ... } else if (child > 0) { _exit(0); } setsid(); (In this version I would need again to handle the signals manually instead of the _exit()) Also if the above ioctl is sufficient, is there a benefit from setsid()? Best Regards, -- Nekral -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org