On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> > remain the same.
> >
> > De-escalation using these "sudo" or "doas" like tools on a tty is
> > somewhat unsafe - it has always been unsafe - because tty's have
> > capabilities.
> >
> > If you wish to be safer, do these operations without retaining access
> > to a tty.
> >
> > Escalation on the other hand (user -> root) is different, because then
> > it is clear you want to do more / everything. But de-escalation is a
> > joke.
> >
> > This is just one mechanism on tty, there are others. On other
> > descriptors there are other abilities.
> >
>
> Would you mind explaining this a little bit. I don't really mean the
> sudo/doas part.
>
> How to do operations without retaining access to a tty?
>
> What other descriptors?
Well, a lot of things are possible using descriptors. Descriptors can
refer to files, devices, sockets to name a few. So if you have an open
descriptor to any of them...
>
> And, I would especially appreciate any areas in src that could more
> fully give me an understanding of this. Studying code has to be
> essential to get this.
e.g. login(1), cron(8), daemon(3) and setsid(2) and friends.
-Otto
