From: Stanislav Brabec <sbrabec@suse.cz>
To: Karel Zak <kzak@redhat.com>
Cc: util-linux@vger.kernel.org,
	Federico Bento <up201407890@alunos.dcc.fc.up.pt>,
	Jiri Slaby <jslaby@suse.cz>
Subject: Re: Fixing su + runuser vulnerability CVE-2016-2779
Date: Tue, 8 Mar 2016 17:02:44 +0100
Message-ID: <56DEF7A4.4090209@suse.cz>
In-Reply-To: <20160307131358.kzu4qb5yu6u7fd4x@ws.net.home>

On Mar 7, 2016 at 14:13 Karel Zak wrote:
> On Wed, Mar 02, 2016 at 08:35:54PM +0100, Stanislav Brabec wrote:
>> There are some controversial things with the straightforward fix:
>>
>> setsid() prevents the TIOCSTI attack described in the report (easy to
>> reproduce), but it has side effects: It disconnects the task from job
>> control. With setsid(), ^Z cannot be used for sending the application
>> to background any more (easy to reproduce by calling setsid()
>> unconditionally in the same place).
>>
>> su-common.c now calls setsid() only if a new session is requested.
>
> Yes, it's a pretty stupid situation.
>
> We have exactly specified setsid() use-cases and now TIOCSTI ioctl
> forces us to modify the things (and maybe introduce regressions),
> because the crazy ioctl is not possible to disable in any other
> way...

I would like to see kernel support for selective disabling of TIOCSTI
without side effects like setsid() has.

A setsid() fallback would be used for kernels that don't support it.

I am not sure how complicated it would be to add such a feature to the
kernel.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                         e-mail: sbrabec@suse.com
Lihovarská 1060/12                            tel: +49 911 7405384547
190 00 Praha 9                                 fax:  +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
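
An added illustration, not part of the original message and not util-linux's su-common.c code: it forks two children, one that keeps the inherited session and one that calls setsid(), and reports what each sees. The setsid() child becomes leader of a new session and process group with no controlling terminal, which is why it can no longer push input to the caller's terminal with TIOCSTI and also why ^Z job control from the original shell stops working. The names `probe_child` and `session_report` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper type: what a child saw after (optionally) calling setsid(). */
struct session_report {
    pid_t pid, sid, pgid;
    int has_ctty; /* 1 if /dev/tty (the controlling terminal) could be opened */
};

/* Fork a child, optionally call setsid() in it, and report its session state
 * back through a pipe. Returns 0 on success, -1 on failure. */
int probe_child(int call_setsid, struct session_report *out)
{
    int fds[2], status;
    if (pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* A freshly forked child is never a group leader, so setsid() succeeds. */
        if (call_setsid && setsid() < 0)
            _exit(1);
        int tty = open("/dev/tty", O_RDWR | O_NOCTTY);
        struct session_report r = { getpid(), getsid(0), getpgrp(), tty >= 0 };
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        return -1;
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
    struct session_report keep, fresh;
    if (probe_child(0, &keep) || probe_child(1, &fresh))
        return 1;
    printf("inherited: sid=%d pgid=%d ctty=%d\n", (int)keep.sid, (int)keep.pgid, keep.has_ctty);
    printf("setsid():  sid=%d pgid=%d ctty=%d\n", (int)fresh.sid, (int)fresh.pgid, fresh.has_ctty);
    return 0;
}
```

Run from an interactive shell, the first line shows the shell's session with `ctty=1`; the second shows a session id equal to the child's own pid and `ctty=0`.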
