On Wed, Mar 02, 2016 at 08:35:54PM +0100, Stanislav Brabec wrote:
> There are some controversial things with the straightforward fix:
>
> setsid() prevents TIOCSTI attack described in the report (easy to
> reproduce), but it has side effects: It disconnects the task from job
> control. With setsid(), ^Z cannot be used for sending the application
> to background any more (easy to reproduce by calling setsid()
> unconditionally in the same place).
>
> su-common.c now calls setsid() only if new session is requested.

Yes, it's a pretty stupid situation. We have exactly specified setsid()
use-cases and now the TIOCSTI ioctl forces us to modify things (and
maybe introduce regressions), because the crazy ioctl is not possible
to disable in any other way...

    Karel

--
 Karel Zak <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
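The trade-off discussed in this message, as an added example that is not part of the original mail or of util-linux: a Linux-only C sketch showing that a child which calls setsid() is left without a controlling terminal, the property behind both the fix and the lost ^Z handling. The names `probe` and `child_has_ctty` are hypothetical, and a throwaway pty stands in for the user's terminal so the code does not depend on where it is run.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in the grandchild: 1 = has a controlling tty, 0 = none, 2 = error. */
static int probe(int new_session)
{
    if (new_session && setsid() < 0) return 2;
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0) return 0;            /* no controlling terminal to open */
    close(fd);
    return 1;
}

/* Returns 1 or 0 as probe() does, or -1 if the pty setup failed. */
int child_has_ctty(int new_session)
{
    char name[32];
    unsigned int n;
    int unlock = 0, st;
    int m = open("/dev/ptmx", O_RDWR | O_NOCTTY);   /* pty master */
    if (m < 0) return -1;
    if (ioctl(m, TIOCSPTLCK, &unlock) < 0 || ioctl(m, TIOCGPTN, &n) < 0) {
        close(m);
        return -1;
    }
    snprintf(name, sizeof name, "/dev/pts/%u", n);
    pid_t leader = fork();
    if (leader == 0) {               /* stand-in for the user's login shell */
        if (setsid() < 0) _exit(2);
        int s = open(name, O_RDWR | O_NOCTTY);
        if (s < 0 || ioctl(s, TIOCSCTTY, 0) < 0) _exit(2);
        pid_t c = fork();            /* stand-in for the command su starts */
        if (c == 0) _exit(probe(new_session));
        if (c < 0 || waitpid(c, &st, 0) < 0 || !WIFEXITED(st)) _exit(2);
        _exit(WEXITSTATUS(st));
    }
    if (leader < 0 || waitpid(leader, &st, 0) < 0) { close(m); return -1; }
    close(m);
    return (WIFEXITED(st) && WEXITSTATUS(st) != 2) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    printf("same session: ctty=%d\n", child_has_ctty(0));
    printf("after setsid: ctty=%d\n", child_has_ctty(1));
    return 0;
}
```

With no controlling terminal the child is also outside the terminal's foreground process group, so the SIGTSTP generated by ^Z is never delivered to it.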