ptyas <user> [<command...>]
Last updated 2021-10-05
ptyas is a minimal su/sudo replacement which prevents TTY hijacking by starting a new session with a separate terminal and proxying all input. It will either spawn the user’s default shell or run the given command.
It must be run as root and changes the owner to the specified user name, permanently dropping all root permissions.
For details about the possible attacks, see "su/sudo from root to another user allows TTY hijacking and arbitrary code execution".
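The session and terminal separation described above, shown as an added C example (not taken from the ptyas source): the child leaves the caller's session, takes a fresh pseudoterminal as its controlling terminal, and the parent only relays bytes from the master side. The helper name `run_on_new_pty` and the message are hypothetical, and the privilege drop is only marked by a comment so the example runs unprivileged.

```c
#define _XOPEN_SOURCE 600
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Redeclared so the block also builds if a header preceded the macro above. */
int posix_openpt(int), grantpt(int), unlockpt(int);
char *ptsname(int);

/* Hypothetical helper: run a child in a new session on a fresh pty. The child
 * writes msg to its new terminal; the parent, holding only the master side,
 * copies it into out. Returns the child's exit code (0 = isolated), -1 on error. */
int run_on_new_pty(const char *msg, char *out, size_t outlen)
{
    int master = outlen ? posix_openpt(O_RDWR | O_NOCTTY) : -1;
    if (master < 0) return -1;
    const char *slave_name = NULL;
    if (grantpt(master) == 0 && unlockpt(master) == 0) slave_name = ptsname(master);
    pid_t caller_sid = getsid(0), pid = slave_name ? fork() : -1;
    if (pid < 0) { close(master); return -1; }
    if (pid == 0) {
        close(master);                            /* child never sees the master */
        if (setsid() < 0) _exit(10);              /* detach from the caller's TTY */
        int slave = open(slave_name, O_RDWR | O_NOCTTY);
        if (slave < 0 || ioctl(slave, TIOCSCTTY, 0) < 0) _exit(11);
        dup2(slave, 0); dup2(slave, 1); dup2(slave, 2);
        if (slave > 2) close(slave);
        /* A real tool would drop privileges here (setgroups/setgid/setuid)
         * and then exec the shell or command. */
        if (getsid(0) == caller_sid) _exit(12);   /* still in the old session */
        if (tcgetpgrp(0) != getpgrp()) _exit(13); /* fd 0 is not our controlling TTY */
        if (write(1, msg, strlen(msg)) < 0) _exit(14);
        _exit(0);
    }
    size_t total = 0;
    ssize_t n;                                    /* proxy loop: master -> caller */
    while (total + 1 < outlen && (n = read(master, out + total, outlen - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(master);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { char b[64]; return run_on_new_pty("hello from the new pty", b, sizeof b); }
```

Because the child only ever holds a descriptor for the new slave side, terminal ioctls it issues act on that pty and not on the terminal of the invoking root shell.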
ptyas is licensed under AGPL version 3 or later.
C99 compiler
UNIX 98 pseudoterminals
Tested on Debian GNU/Linux, OpenBSD and FreeBSD, but should work (with some minor changes) on any Unix system with pseudoterminals.
ptyas <user> [<command...>]
If no command is given, the user’s shell is started. Otherwise the command is executed (which is useful if the user’s shell is disabled).
Current development happens in the git repository (also browsable as Gitweb):
git clone https://ruderich.org/simon/ptyas/ptyas.git
Version 0.2 (2021-10-05):
Support FreeBSD
Download: ptyas-0.2.tar.gz, ptyas-0.2.tar.gz.asc
Version 0.1 (2019-12-18):
First release
Download: ptyas-0.1.tar.gz, ptyas-0.1.tar.gz.asc