-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"su --pty -" fails to pass through the characteristics of the terminal, special keypresses, etc. #767
Comments
Here's another way that the
(the problem is that the second command hangs forever unless i send it a ctrl-C) Note that in such a pipeline, file descriptor 0 isn't connected to a tty, but fd 1 and 2 are still connected, and therefore the first command is still vulnerable to TIOCSTI abuse. I plan to continue experimenting with switching in |
* use proper winsize rather than uninitialized variable (Oops...) * set the current terminal to the raw mode * disable ECHO for non-terminal execution to be compatible with non-pty output Addresses: #767 Signed-off-by: Karel Zak <kzak@redhat.com>
The problem with special keys and winsize is fixed. I have also fixed signal handling on kill and dumps. Not sure what do you mean with pipeline and the file descriptors:
in this case bash (15980) uses another terminal. |
Anyway, thanks for testing! |
thanks for the quick fixes, @karelzak ! the issue with the pipeline is that this command produces the correct output, and then terminates immediately:
But this command produces the correct output and then hangs indefinitely:
does it not hang for you? I'm running with util-linux 2.33.1-0.1 on debian testing/unstable. |
hm, testing from git master, i see that it now does not hang, that's good :) Bisecting with git, it looks like the hang was fixed by 282ca3d |
hm, the text added in 64a87be suggests:
that makes it likely to be ignored in places deeper in the infrastructure that don't even know whether they'll be getting a terminal (like update-ieee-data), but those are the very places where the pty isolation is important to defend the superuser's terminal against compromise by the non-privileged process. |
Testing against git master (64a87be), i see a significant delay when i use I captured an strace to see what was happening like so:
I'm attaching the generated runuser.strace.txt. It looks like the parent runuser process cycles through 2 seconds of quarter-second
|
I should mention that i don't see this delay when |
The delay appears to be in |
Yes, it's necessary otherwise we will send data and EOF to child before it's ready to read it. All this is from script(1) where we spent years to implement "pipe to interactive session". |
when using
--pty
withsu
, the width of the terminal is not transmitted to the child process:Additionally, when using
--pty
without an explicit command (just running a shell), the "up" and "down" arrow keys don't seem to work any more (i'm using rxvt-unicode, in case that matters). Instead, i see the following characters emitted directly in the session:^[[A^[[B
. Likewise, pressing ctrl-A doesn't do what i expect, instead it just prints^A
. This makes it very difficult to use the command line undersu --pty -
the way one would expect.The text was updated successfully, but these errors were encountered: