Re: Fixing su + runuser vulnerability CVE-2016-2779

Util-Linux package development
 help / color / mirror / Atom feed

From: "Ángel González" <ingenit@zoho.com>
To: util-linux@vger.kernel.org
Cc: up201407890@alunos.dcc.fc.up.pt, Stanislav Brabec <sbrabec@suse.cz>
Subject: Re: Fixing su + runuser vulnerability CVE-2016-2779
Date: Sat, 05 Mar 2016 00:50:02 +0100	[thread overview]
Message-ID: <56DA1F2A.5040104@zoho.com> (raw)
In-Reply-To: <20160304190312.17036kwlv8g5ydk4@webmail.alunos.dcc.fc.up.pt>

I was thinking about this and the problem is actually that runuser 
returns (and control is returned to the privileged parent) while there's 
an unprivileged descendant with a handle to the tty.
Thus, it seems that it could be solved by having runuser run the child 
into a new cgroup and refusing to return while there's any remaining 
process there.

Although depending on the exact way that people is expecting to use job 
control, that might still interefere despite not changing the session 
leader. Do we know actual usages that should continue working?

Regards

next prev parent reply	other threads:[~2016-03-04 23:50 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-02 19:35 Fixing su + runuser vulnerability CVE-2016-2779 Stanislav Brabec
2016-03-02 23:39 ` Ángel González
2016-03-03  0:37 ` up201407890
2016-03-03 16:21   ` Stanislav Brabec
2016-03-04 16:13     ` Stanislav Brabec
2016-03-04 18:03       ` up201407890
2016-03-04 23:50         ` Ángel González [this message]
2016-03-08 16:33           ` Stanislav Brabec
2016-03-07 13:13 ` Karel Zak
2016-03-08 16:02   ` Stanislav Brabec
2016-09-29 14:40     ` Karel Zak
2016-10-02 13:16       ` Florian Weimer
2016-10-03 10:28         ` Karel Zak
2016-10-03 13:29           ` Karel Zak
2016-10-09 11:09             ` Florian Weimer
2016-10-03 15:04       ` Karel Zak
2016-10-03 15:48         ` Pádraig Brady
2016-10-03 16:25           ` Karel Zak
2016-10-11 14:19 ` Karel Zak

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56DA1F2A.5040104@zoho.com \
    --to=ingenit@zoho.com \
    --cc=sbrabec@suse.cz \
    --cc=up201407890@alunos.dcc.fc.up.pt \
    --cc=util-linux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox