bug-coreutils
bug#24541: runcon tty hijacking via TIOCSTI ioctl


From: Pádraig Brady
Subject: bug#24541: runcon tty hijacking via TIOCSTI ioctl
Date: Mon, 28 Aug 2017 02:51:12 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

On 29/09/16 08:15, Bernhard Voelker wrote:
> On 09/26/2016 05:53 PM, Paul Eggert wrote:
>>> "I don't think we need to fix this for runcon, as it isn't a
>>> sandboxing tool like sandbox, and the loss of job control would likely
>>> be much more noticeable for runcon."
>>
>> Thanks, closing the debbugs bug report.
> 
> FWIW Karel just committed a workaround for su/runuser in util-linux
> using libseccomp:
> 
> https://github.com/karelzak/util-linux/commit/8e492501

I think this issue is worth addressing with libseccomp.
That lib is a widely used dependency on SELinux systems
so not a significant dependency to add.
The attached uses libseccomp if available,
and falls back to using setsid() in the edge cases where not.

cheers,
Pádraig

Attachment: runcon-inject.patch
Description: Text Data