On 01/22/2014 01:55 AM, Russell Coker wrote:
> https://lists.debian.org/debian-devel/2014/01/msg00164.html
>
> Above is the URL for a post to debian-devel about su and exploits involving
> TIOCSTI ioctl. They mention runcon, should we be calling setsid() in there?
>
> I haven't inspected the runcon source recently, but a quick strace run on
> Debian/Unstable shows that setsid() isn't being called.

SELinux revalidates access to the controlling tty on a context transition and will drop the controlling tty if it is not allowed. So at present that is controlled by policy.