On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:

> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> > remain the same.
> >
> > De-escalation using these "sudo" or "doas" like tools on a tty is
> > somewhat unsafe - it has always been unsafe - because tty's have
> > capabilities.
> >
> > If you wish to be safer, do these operations without retaining access
> > to a tty.
> >
> > Escalation on the other hand (user -> root) is different, because then
> > it is clear you want to do more / everything. But de-escalation is a
> > joke.
> >
> > This is just one mechanism on tty, there are others. On other
> > descriptors there are other abilities.
> >
>
> Would you mind explaining this a little bit. I don't really mean the
> sudo/doas part.
>
> How to do operations without retaining access to a tty?
>
> What other descriptors?

Well, a lot of things are possible using descriptors. Descriptors can
refer to files, devices, sockets to name a few. So if you have an open
descriptor to any of them...

>
> And, I would especially appreciate any areas in src that could more
> fully give me an understanding of this. Studying code has to be
> essential to get this.

e.g. login(1), cron(8), daemon(3) and setsid(2) and friends.

	-Otto
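
Added example, not part of the original message or of the OpenBSD source tree: a C program that runs a child without retaining the tty, following the setsid(2) and daemon(3) pointers above, and checks that neither the tty nor an inherited descriptor survives. The function names, the pipe standing in for a descriptor left open by the parent, and the 65536 bound on the close loop are assumptions made for the example.

```c
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: leave the session (no controlling tty), point stdio at
 * /dev/null, close everything else. Call only after fork(). */
static int detach_from_tty(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int fd, nul;
    if (setsid() == -1 || (nul = open("/dev/null", O_RDWR)) == -1)
        return -1;
    for (fd = 0; fd <= 2; fd++)          /* stdin/stdout/stderr off the tty */
        if (dup2(nul, fd) == -1)
            return -1;
    if (max < 0 || max > 65536)          /* assumed bound; OpenBSD: closefrom(3) */
        max = 65536;
    for (fd = 3; fd < max; fd++)         /* descriptors inherited from the parent */
        close(fd);
    return 0;
}

/* Returns 0 when the child holds no tty and no inherited descriptor;
 * any other value names the step or check that failed. */
int check_detached_child(void)
{
    int leak[2], status;
    pid_t pid;
    if (pipe(leak) == -1)                /* constructed "forgotten" descriptor */
        return 10;
    if ((pid = fork()) == -1)
        return 11;
    if (pid == 0) {
        if (detach_from_tty() == -1)
            _exit(1);
        if (open("/dev/tty", O_RDWR) != -1)      /* must fail after setsid() */
            _exit(2);
        if (isatty(0) || isatty(1) || isatty(2))
            _exit(3);
        if (fcntl(leak[0], F_GETFD) != -1 || fcntl(leak[1], F_GETFD) != -1)
            _exit(4);
        _exit(0);    /* real code: setgroups/setgid/setuid, then exec the job */
    }
    close(leak[0]);
    close(leak[1]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return 12;
    return WEXITSTATUS(status);
}

int main(void) { return check_detached_child(); }
```

The order matters: the tty and other descriptors are released before the privilege drop and exec, so the unprivileged job never holds them.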