From 6461eeecd7abba33bbad4b81df25ca999dbeaed2 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Wed, 23 Aug 2017 13:49:23 +0200 Subject: su: add more informartion to man page Signed-off-by: Karel Zak --- login-utils/su.1 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'login-utils') diff --git a/login-utils/su.1 b/login-utils/su.1 index 4939be86b..31801c1da 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -107,7 +107,16 @@ nor This option is ignored if the option \fB\-\-login\fR is specified. .TP .BR \-P , " \-\-pty" -Create pseudo-terminal for the session. +Create pseudo-terminal for the session. The independent terminal provides +better security as user does not share terminal with the original +session. This allow to avoid TIOCSTI ioctl terminal injection and another +security attacks against terminal file descriptors. The all session is also +possible to move to background (e.g. "su --pty - usename -c +application &"). If the pseudo-terminal is enabled then su command works +as a proxy between the sessions (copy stdin and stdout). + +This feature is EXPERIMENTAL for now and may be removed in the next releases. + .TP .BR \-s , " \-\-shell" = \fIshell Run the specified \fIshell\fR instead of the default. The shell to run is @@ -262,7 +271,7 @@ session required pam_lastlog.so nowtmp .SH HISTORY This \fBsu\fR command was derived from coreutils' \fBsu\fR, which was based on an implementation by -David MacKenzie. +David MacKenzie. The util-linux has been refactored by Karel Zak. .SH AVAILABILITY The su command is part of the util-linux package and is available from -- cgit v1.2.3-55-g7522