From: Sebastian Pipping Date: Fri, 5 Jan 2024 23:46:49 +0000 (+0100) Subject: runuser|su: Start supporting option -T|--no-pty X-Git-Tag: v2.40-rc1~63 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2bc9cd09f23733c84789f1d3b2284d4c3ddae5c2;p=thirdparty%2Futil-linux.git runuser|su: Start supporting option -T|--no-pty .. to pave the way for a future with -P|--pty for a default.
---
diff --git a/login-utils/runuser.1.adoc b/login-utils/runuser.1.adoc
index 4708e02a1b..aea95f743b 100644
--- a/login-utils/runuser.1.adoc
+++ b/login-utils/runuser.1.adoc
@@ -73,6 +73,10 @@ If the target user has a restricted shell (i.e., not listed in _/etc/shells_), t
 **--session-command=**__command__::
 Same as *-c*, but do not create a new session. (Discouraged.)
+*-T*, *--no-pty**::
+Do not create a pseudo-terminal, opposite of *--pty* and *-P*.
+Note that running without a pseudo-terminal opens the security risk of privilege escalation through TIOCSTI/TIOCLINUX ioctl command injection.
+
 *-w*, *--whitelist-environment*=_list_::
 Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*.
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 06ce5dba2e..4cc24e34c1 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -902,6 +902,7 @@ static void usage_common(void)
 fputs(_(" -f, --fast pass -f to the shell (for csh or tcsh)\n"), stdout);
 fputs(_(" -s, --shell run if /etc/shells allows it\n"), stdout);
 fputs(_(" -P, --pty create a new pseudo-terminal\n"), stdout);
+ fputs(_(" -T, --no-pty do not create a new pseudo-terminal (bad security!)\n"), stdout);
 fputs(USAGE_SEPARATOR, stdout);
 printf(USAGE_HELP_OPTIONS(33));
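Review bot: The `(bad security!)` tag on the new `-T, --no-pty` usage line in usage_common() names no risk and gives the reader nothing to act on, whereas the man-page hunks of this commit state the concern precisely (TIOCSTI/TIOCLINUX ioctl injection when no pseudo-terminal is created). A parenthetical such as `(insecure, see the manual page)` would point the reader at that explanation. That wording also works for both su and runuser if, as the file name su-common.c suggests, the helper is shared. usage_common() begins and ends outside the hunk.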
@@ -1057,6 +1058,7 @@ int su_main(int argc, char **argv, int mode)
 {"login", no_argument, NULL, 'l'},
 {"preserve-environment", no_argument, NULL, 'p'},
 {"pty", no_argument, NULL, 'P'},
+ {"no-pty", no_argument, NULL, 'T'},
 {"shell", required_argument, NULL, 's'},
 {"group", required_argument, NULL, 'g'},
 {"supp-group", required_argument, NULL, 'G'},
@@ -1082,7 +1084,7 @@ int su_main(int argc, char **argv, int mode)
 su->conv.appdata_ptr = (void *) su;
 while ((optc =
- getopt_long(argc, argv, "c:fg:G:lmpPs:u:hVw:", longopts,
+ getopt_long(argc, argv, "c:fg:G:lmpPTs:u:hVw:", longopts,
 NULL)) != -1) {
 err_exclusive_options(optc, longopts, excl, excl_st);
@@ -1132,6 +1134,10 @@ int su_main(int argc, char **argv, int mode)
 #endif
 break;
+ case 'T':
+ su->force_pty = 0;
+ break;
+
 case 's':
 shell = optarg;
 break;
diff --git a/login-utils/su.1.adoc b/login-utils/su.1.adoc
index 36a892fab5..76c54aa00f 100644
--- a/login-utils/su.1.adoc
+++ b/login-utils/su.1.adoc
@@ -74,6 +74,10 @@ If the target user has a restricted shell (i.e., not listed in _/etc/shells_), t
 **--session-command=**__command__::
 Same as *-c*, but do not create a new session. (Discouraged.)
+*-T*, *--no-pty**::
+Do not create a pseudo-terminal, opposite of *--pty* and *-P*.
+Note that running without a pseudo-terminal opens the security risk of privilege escalation through TIOCSTI/TIOCLINUX ioctl command injection.
+
 *-w*, **--whitelist-environment**=__list__::
 Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*.
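Review bot: `-P` and `-T` can both appear on one command line and the later one silently wins, because the new `case 'T'` (hunk `@@ -1132,6 +1134,10 @@`) only writes `su->force_pty = 0` and no hunk of this commit touches the `excl` table that `err_exclusive_options()` consults. The man-page text added here ties running without a pty to TIOCSTI/TIOCLINUX injection, so a `-T` appended by a wrapper script or alias would quietly undo a caller's `--pty` hardening. If last-one-wins is not the intended contract, add a row `{ 'P', 'T' },` to `excl`. If it is intended, record that on the case with a comment such as `/* overrides an earlier -P; the last option wins */`. The `excl` definition and the rest of the `switch` in su_main() are outside the hunk.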