From: Stanislav Brabec <sbrabec@suse.cz>
To: Karel Zak <kzak@redhat.com>
Cc: util-linux@vger.kernel.org,
Federico Bento <up201407890@alunos.dcc.fc.up.pt>,
Jiri Slaby <jslaby@suse.cz>
Subject: Re: Fixing su + runuser vulnerability CVE-2016-2779
Date: Tue, 8 Mar 2016 17:02:44 +0100 [thread overview]
Message-ID: <56DEF7A4.4090209@suse.cz> (raw)
In-Reply-To: <20160307131358.kzu4qb5yu6u7fd4x@ws.net.home>
On Mar 7, 2016 at 14:13 Karel Zak wrote:
> On Wed, Mar 02, 2016 at 08:35:54PM +0100, Stanislav Brabec wrote:
>> There are some controversial things with the straightforward fix:
>>
>> setsid() prevents TIOCSTI attack described in the report (easy to
>> reproduce), but it has side effects: It disconnects the task from job
>> control. With setsid(), ^Z cannot be used for sending the application
>> to background any more (easy to reproduce by calling setsid()
>> unconditionally in the same place).
>>
>> su-common.c now calls setsid() only if new session is requested.
>
> Yes, it's pretty stupid situation.
>
> We have exactly specified setsid() use-cases and now TIOCSTI ioctl
> forces us to modify the things (and maybe introduce regressions),
> because the crazy ioctl is not possible to disable by any another
> way...
I would like to see a kernel support for selective disabling of TIOCSTI
without side effects like setsid() has.
setsid() fallback would be used for kernels that don't support it.
I am not sure, how complicated would be adding of such feature to the
kernel.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec@suse.com
Lihovarská 1060/12 tel: +49 911 7405384547
190 00 Praha 9 fax: +420 284 084 001
Czech Republic http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
next prev parent reply other threads:[~2016-03-08 16:02 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-02 19:35 Fixing su + runuser vulnerability CVE-2016-2779 Stanislav Brabec
2016-03-02 23:39 ` Ángel González
2016-03-03 0:37 ` up201407890
2016-03-03 16:21 ` Stanislav Brabec
2016-03-04 16:13 ` Stanislav Brabec
2016-03-04 18:03 ` up201407890
2016-03-04 23:50 ` Ángel González
2016-03-08 16:33 ` Stanislav Brabec
2016-03-07 13:13 ` Karel Zak
2016-03-08 16:02 ` Stanislav Brabec [this message]
2016-09-29 14:40 ` Karel Zak
2016-10-02 13:16 ` Florian Weimer
2016-10-03 10:28 ` Karel Zak
2016-10-03 13:29 ` Karel Zak
2016-10-09 11:09 ` Florian Weimer
2016-10-03 15:04 ` Karel Zak
2016-10-03 15:48 ` Pádraig Brady
2016-10-03 16:25 ` Karel Zak
2016-10-11 14:19 ` Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DEF7A4.4090209@suse.cz \
--to=sbrabec@suse.cz \
--cc=jslaby@suse.cz \
--cc=kzak@redhat.com \
--cc=up201407890@alunos.dcc.fc.up.pt \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox