Florent Rougon <[EMAIL PROTECTED]> writes:

> Florent Rougon <[EMAIL PROTECTED]> wrote:
>
>> Is it possible for a malicious su wrapper to:
>>
>>   1. record root's password (of course, yes);
>>
>>   2. *and then* feed this password to the real "su".
>>
>> I suspect the real "su" empties the stdin buffer (or something like
>> that) to avoid such attacks, but would be glad to hear a confirmation
>> from people who know better.
>
> OK, answering my own question. su has the following code:
>
>     if (isatty (0) && (cp = ttyname (0))) {

For this to succeed, stdin must be a terminal. But nothing stops
you from using a pseudo terminal (pty).

Regards
        Goswin

