[sudo-workers] use_pty option is broken
Todd C. Miller
Todd.Miller at courtesan.com
Wed Sep 6 09:43:11 MDT 2017
This only appeared to work in sudo 1.8.19p2. If you run, for example:

    ssh root@localhost "sudo tty > /tmp/ttyname"

you'll find that the contents of /tmp/ttyname is "not a tty" in
both sudo versions. In contrast:

    ssh -t root@localhost "tty > /tmp/ttyname"

shows that standard input is connected to a pty.

Previously, sudo would use a pipe to connect stdin, stdout and
stderr in this case. As a fix for bug #786 it no longer does so:
https://bugzilla.sudo.ws/show_bug.cgi?id=786

A goal for a future sudo release is to make use_pty the default
while matching the behavior of !use_pty as closely as possible.
The idea is to avoid the security issues that come from running
a command as another user on the same tty.

Rather than change the use_pty behavior I'd rather add a "fork_pty"
option if users want to force the use of a pty when a terminal is
not otherwise in use.
- todd
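
Added illustration (not part of the original message and not sudo's code): a child process reports whether its stdin, stdout and stderr are terminals, first with all three on pipes, as in the no-terminal case the message describes, and then with all three on a freshly allocated pty. The names `stdio_is_tty` and `CHILD` are made up for this sketch, and it does not invoke sudo.

```python
import os
import subprocess
import sys

# Child: check, as tty(1) does for stdin, whether fds 0-2 are terminals.
# The result is written to an extra descriptor so fds 0-2 stay untouched.
CHILD = ("import os, sys; "
         "os.write(int(sys.argv[1]), bytes(os.isatty(fd) for fd in (0, 1, 2)))")


def stdio_is_tty(use_pty):
    """Run the child with fds 0-2 on a new pty (True) or on pipes (False).

    Returns a tuple of booleans: isatty() for stdin, stdout, stderr.
    """
    report_r, report_w = os.pipe()
    fds = [report_r, report_w]
    try:
        if use_pty:
            # A new pty pair, separate from whatever terminal we run on.
            master, slave = os.openpty()
            fds += [master, slave]
            stdio = {"stdin": slave, "stdout": slave, "stderr": slave}
        else:
            stdio = dict.fromkeys(("stdin", "stdout", "stderr"),
                                  subprocess.PIPE)
        proc = subprocess.Popen(
            [sys.executable, "-c", CHILD, str(report_w)],
            pass_fds=(report_w,), **stdio)
        proc.communicate()          # closes any pipes and waits for exit
        os.close(report_w)          # so the read below cannot block
        fds.remove(report_w)
        return tuple(bool(b) for b in os.read(report_r, 3))
    finally:
        for fd in fds:
            os.close(fd)


if __name__ == "__main__":
    for mode in (False, True):
        label = "pty  " if mode else "pipes"
        print(label, stdio_is_tty(mode))
```
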