README ====== ptyas is a small su/sudo replacement which prevents TTY hijacking by starting a new session with a separate terminal and proxying all input. It must be run as root and changes the owner to the specified user name, permanently dropping all root permissions. For details about the possible attacks see https://ruderich.org/simon/notes/su-sudo-from-root-tty-hijacking ptyas is licensed under AGPL version 3 or later. DEPENDENCIES ------------ - C99 compiler - UNIX 98 pseudoterminals USAGE ----- ptyas [] If no command is given, the user's shell is started. Otherwise the command is executed (which is useful if the user's shell is disabled). BUGS ---- If you find any bugs not mentioned in this document please report them to with ptyas in the subject. AUTHORS ------- Written by Simon Ruderich . LICENSE ------- ptyas is licensed under AGPL version 3 or later. Copyright (C) 2016-2019 Simon Ruderich This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see .