主页 / unix / 问题 / 785637
Accepted
Carlo C
Asked: 2024-10-26 00:41:05 +0800 CST

sudo 会产生一个具有新控制 PTY 的新会话

  • 772

在 Linux Ubuntu 上,当我在终端运行sudo susudo su -系统创建一个具有新控制的新会话时pts,即

ubuntu@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.5 LTS
Release:        22.04
Codename:       jammy
ubuntu@ubuntu:~$ 
ubuntu@ubuntu:~$ uname -a
Linux ubuntu 5.15.0-124-generic #134-Ubuntu SMP Fri Sep 27 20:20:17 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ubuntu:~$ 
ubuntu@ubuntu:~$ ps
    PID TTY          TIME CMD
 143254 pts/0    00:00:00 bash
 143302 pts/0    00:00:00 ps
ubuntu@ubuntu:~$ 
ubuntu@ubuntu:~$ sudo su -
root@ubuntu:~# 
root@ubuntu:~# ps
    PID TTY          TIME CMD
 143304 pts/1    00:00:00 sudo
 143305 pts/1    00:00:00 su
 143306 pts/1    00:00:00 bash
 143316 pts/1    00:00:00 ps
root@ubuntu:~#

这是预期的行为吗?

根据评论中的要求:

$ ps     
PID TTY          TIME CMD  
146202 pts/0    00:00:00 bash  
146231 pts/0    00:00:00 ps 

$ sudo -s 
root@ubuntu:/home/ubuntu# ps
PID TTY          TIME CMD  
146233 pts/1    00:00:00 sudo  
146234 pts/1    00:00:00 bash  
146240 pts/1    00:00:00 ps
sudo

1 个回答

  1. Best Answer

    来自man sudoersUbuntu 22.04

     use_pty           If set, and sudo is running in a terminal, the command will be run in a
                   pseudo-terminal (even if no I/O logging is being done).  If the sudo
                   process is not attached to a terminal, use_pty has no effect.

                   A malicious program run under sudo may be capable of injecting commands
                   into the user's terminal or running a background process that retains
                   access to the user's terminal device even after the main program has
                   finished executing.  By running the command in a separate pseudo-terminal,
                   this attack is no longer possible.  This flag is off by default.

    虽然它说默认情况下禁用此功能,但它在 sudo 1.9.14 中默认启用,并且似乎此配置更改已反向移植到 Ubuntu 22.04 中的版本(或者更确切地说,在 20.04 和 22.04 之间的某个版本中)。检查软件包变更日志,这样做是为了解决 CVE:

    sudo (1.9.6-1~exp2) experimental; urgency=low

  [ Marc Haber ]
  * add use_pty to default configuration, fixing CVE-2005-4890.
    Thanks to Daniel Kahn Gillmor (Closes: #657784)

    此处提到的导致 Ubuntu 上游发生此更改的 Debian 错误报告是https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657784 : 'CVE-2005-4890: tty hijacking possible in "sudo" via TIOCSTI ioctl'。因此,现在手册页中存在有关默认状态的文档错误。

    • 5

相关问题