On Sun, Oct 02, 2016 at 01:03:28AM -0700, Philip Guenther wrote:
> On Sun, Oct 2, 2016 at 12:35 AM, Otto Moerbeek <o...@drijf.net> wrote:
> > On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
> >
> >> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> >> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> >> > remain the same.
> >> >
> >> > De-escalation using these "sudo" or "doas" like tools on a tty is
> >> > somewhat unsafe - it has always been unsafe - because tty's have
> >> > capabilities.
> >> >
> >> > If you wish to be safer, do these operations without retaining access
> >> > to a tty.
> >> >
> >> > Escalation on the other hand (user -> root) is different, because then
> >> > it is clear you want to do more / everything. But de-escalation is a
> >> > joke.
> >> >
> >> > This is just one mechanism on tty, there are others. On other
> >> > descriptors there are other abilities.
> >> >
> >>
> >> Would you mind explaining this a little bit. I don't really mean the
> >> sudo/doas part.
> >>
> >> How to do operations without retaining access to a tty?
> >>
> >> What other descriptors?
> >
> > Well, a lot of things are possible using descriptors. Descriptors can
> > refer to files, devices, sockets to name a few. So if you have an open
> > descriptor to any of them...
>
> ...and it's not just actual file descriptors that provide privileged
> access: even if a process closes all fds for its controlling tty, it
> remains the process's controlling tty and can still be reopened via
> /dev/tty. Similarly, simply being in the same session gives a process
> additional rights that it wouldn't have otherwise, such as being able
> to use tcsetpgrp() and see your login name via getlogin()...
>
So fork, as used in daemon does mitigate this, as long as used correctly?
Or does the same/other problems continue?

Chris Bennett
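
The controlling-tty point and the fork/daemon question above, as an added example that is not part of the original thread: a child that only closes fds 0-2 stays in the same session and can reach /dev/tty exactly as its parent can, while a child that also calls setsid(), the step daemon(3) performs after its fork, has no controlling tty to reopen. The names `tty_probe`, `probe_here` and `probe_child` are hypothetical.

```c
/* Added example; tty_probe, probe_here and probe_child are hypothetical names. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
struct tty_probe {
    int can_open_tty;   /* 1 if /dev/tty could be opened */
    pid_t pid, sid;     /* process id and session id at probe time */
};

/* Record whether the calling process can still reach a controlling tty. */
void probe_here(struct tty_probe *p) {
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    p->can_open_tty = (fd >= 0);
    if (fd >= 0) close(fd);
    p->pid = getpid(); p->sid = getsid(0);
}

/* Fork a child that closes fds 0-2, optionally calls setsid(), probes, and
 * reports through a pipe. Returns 0 on success, -1 on error. */
int probe_child(int detach, struct tty_probe *out) {
    int pfd[2], status;
    if (pipe(pfd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct tty_probe p;
        for (int fd = 0; fd <= 2; fd++)
            if (fd != pfd[1]) close(fd);      /* dropping fds alone is not enough */
        if (detach && setsid() < 0) _exit(2); /* new session, no controlling tty */
        probe_here(&p);
        _exit(write(pfd[1], &p, sizeof p) == (ssize_t)sizeof p ? 0 : 3);
    }
    close(pfd[1]);
    ssize_t n = read(pfd[0], out, sizeof *out);
    close(pfd[0]);
    waitpid(pid, &status, 0);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void) {
    struct tty_probe same, detached;
    if (probe_child(0, &same) < 0 || probe_child(1, &detached) < 0) return 1;
    printf("fds closed, same session: /dev/tty open=%d sid=%ld\n", same.can_open_tty, (long)same.sid);
    printf("fork + setsid:            /dev/tty open=%d sid=%ld\n", detached.can_open_tty, (long)detached.sid);
    return 0;
}
```

setsid() removes only the session and controlling-terminal relationship; a descriptor to the tty device that is still open in the process keeps working, so the descriptors have to be closed as well.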