diff options
author | Karel Zak | 2019-03-04 13:13:30 +0100 |
---|---|---|
committer | Karel Zak | 2019-03-04 13:13:30 +0100 |
commit | 0b07e2682f09fdf34874c14372c9059baf315a95 (patch) | |
tree | e58993b1c553fa63ef92f4e349782fa68f76dcd0 /login-utils | |
parent | Merge branch 'mps_losetup_has_device_inline' of https://github.com/marcosps/u... (diff) | |
download | kernel-qcow2-util-linux-0b07e2682f09fdf34874c14372c9059baf315a95.tar.gz kernel-qcow2-util-linux-0b07e2682f09fdf34874c14372c9059baf315a95.tar.xz kernel-qcow2-util-linux-0b07e2682f09fdf34874c14372c9059baf315a95.zip |
su/runuser: don't mark --pty as experimental, add it to runuser.1 too
* let's assume that --pty is stable enough that we do not have to remove it ;-)
* add --pty to the runuser.1 man page
Addresses: https://github.com/karelzak/util-linux/issues/760
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils')
-rw-r--r-- | login-utils/runuser.1 | 9 | ||||
-rw-r--r-- | login-utils/su.1 | 3 |
2 files changed, 9 insertions, 3 deletions
diff --git a/login-utils/runuser.1 b/login-utils/runuser.1 index 221672200..e6b9a8e6b 100644 --- a/login-utils/runuser.1 +++ b/login-utils/runuser.1 @@ -101,6 +101,15 @@ sets argv[0] of the shell to in order to make the shell a login shell .RE .TP +.BR \-P , " \-\-pty" +Create pseudo-terminal for the session. The independent terminal provides +better security as user does not share terminal with the original +session. This allow to avoid TIOCSTI ioctl terminal injection and another +security attacks against terminal file descriptors. The all session is also +possible to move to background (e.g. "runuser --pty -u username -- command &"). +If the pseudo-terminal is enabled then runuser command works +as a proxy between the sessions (copy stdin and stdout). +.TP .BR \-m , " \-p" , " \-\-preserve\-environment" Preserve the entire environment, i.e. it does not set .BR HOME , diff --git a/login-utils/su.1 b/login-utils/su.1 index 5ae6d6b2d..f2b8fac8a 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -115,9 +115,6 @@ security attacks against terminal file descriptors. The all session is also possible to move to background (e.g. "su --pty - username -c application &"). If the pseudo-terminal is enabled then su command works as a proxy between the sessions (copy stdin and stdout). - -This feature is EXPERIMENTAL for now and may be removed in the next releases. - .TP .BR \-s , " \-\-shell" = \fIshell Run the specified \fIshell\fR instead of the default. The shell to run is |