On Sat, Sep 24, 2016 at 5:57 AM, <up201407890@xxxxxxxxxxxxxxxxxxx> wrote: > Quoting "Stephen Smalley" <sds@xxxxxxxxxxxxx>: >> Thank you for the bug report. This bug is now fixed in upstream commit >> acca96a135a4d2a028ba9b636886af99c0915379. > > Cool, thanks. Though it'll lose job control, that's why most 'su-like' > programs refuse to patch this and are still vulnerable. I think we should wait and and see if people complain about the loss of job control; I'd rather see us fix the problem with TIOCSTI. > Anyways, the same happens with the 'runcon' utility: I don't think we need to fix this for runcon, as it isn't as sandboxing tool like sandbox, and the loss of job control would likely be much more noticeable for runcon. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
