On Thu, Sep 12, 2013 at 10:27, Matthew Weigel wrote:
> On 2013-09-11 19:59, Michael W. Lucas wrote:
> 
>> This, well, kind of surprised me. I'm sure you folks have thought this
>> through in much more detail than I have, but I can't find anything on
>> the rationale behind it.
>>
>> It seems insecure. Can anyone enlighten me as to the thinking here?
> 
> I can't say whether this is the thinking of the OpenBSD developers, but
> I have seen some concerns over the years that tty_tickets gives a false
> sense of security.

This is technically true. If you used sudo on any tty (ttyA), somebody
at a different tty (ttyB) but logged in as the same uid can simply
ptrace (gdb) the ttyA sh and tell it to run sudo.

This is a step more complicated than somebody just walking over to
your keyboard while you're getting coffee, but it's not particularly
difficult or implausible.

uid is the main means of implementing isolation in unix. Trying to
isolate two processes with the same uid is, imo, a generally fruitless
endeavor.
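As an added illustration (not part of the poster's message or of OpenBSD's own configuration), here is a sudoers fragment contrasting the per-tty ticket setting discussed above with the one setting that actually removes the cached-credential window; it assumes a sudo build that reads /etc/sudoers and supports the timestamp_timeout option, and the user name is a placeholder.

```sudoers
# Per-tty tickets: a ticket on ttyA does not cover ttyB, but as noted above
# any process with the same uid can still drive the ttyA shell, so this only
# narrows, not closes, the window.
Defaults tty_tickets

# The setting that closes the window: a timeout of 0 means sudo prompts for
# the password on every invocation, so there is no cached ticket to reuse
# from another process running as the same uid.
Defaults timestamp_timeout=0

# Placeholder user; grant rules are unchanged by the Defaults above.
EXAMPLE_USER ALL=(ALL) ALL
```

Check the file with `visudo -c` before relying on it; a syntax error in sudoers can lock out every sudo user.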
