From: Karel Zak Date: Mon, 4 Mar 2019 12:13:30 +0000 (+0100) Subject: su/runuser: don't mark --pty as experimental, add it to runuser.1 too X-Git-Tag: v2.34-rc1~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b07e2682f09fdf34874c14372c9059baf315a95;p=thirdparty%2Futil-linux.git su/runuser: don't mark --pty as experimental, add it to runuser.1 too * let's assume that --pty is stable enough that we do not have to remove it ;-) * add --pty to the runuser.1 man page Addresses: https://github.com/karelzak/util-linux/issues/760 Signed-off-by: Karel Zak --- diff --git a/login-utils/runuser.1 b/login-utils/runuser.1 index 2216722005..e6b9a8e6bc 100644 --- a/login-utils/runuser.1 +++ b/login-utils/runuser.1 @@ -101,6 +101,15 @@ sets argv[0] of the shell to in order to make the shell a login shell .RE .TP +.BR \-P , " \-\-pty" +Create pseudo-terminal for the session. The independent terminal provides +better security as user does not share terminal with the original +session. This allow to avoid TIOCSTI ioctl terminal injection and another +security attacks against terminal file descriptors. The all session is also +possible to move to background (e.g. "runuser --pty -u username -- command &"). +If the pseudo-terminal is enabled then runuser command works +as a proxy between the sessions (copy stdin and stdout). +.TP .BR \-m , " \-p" , " \-\-preserve\-environment" Preserve the entire environment, i.e. it does not set .BR HOME , diff --git a/login-utils/su.1 b/login-utils/su.1 index 5ae6d6b2dc..f2b8fac8a9 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -115,9 +115,6 @@ security attacks against terminal file descriptors. The all session is also possible to move to background (e.g. "su --pty - username -c application &"). If the pseudo-terminal is enabled then su command works as a proxy between the sessions (copy stdin and stdout). - -This feature is EXPERIMENTAL for now and may be removed in the next releases. - .TP .BR \-s , " \-\-shell" = \fIshell Run the specified \fIshell\fR instead of the default. The shell to run is