On Tue, Mar 08, 2016 at 05:02:44PM +0100, Stanislav Brabec wrote: > On Mar 7, 2016 at 14:13 Karel Zak wrote: > > On Wed, Mar 02, 2016 at 08:35:54PM +0100, Stanislav Brabec wrote: > > > There are some controversial things with the straightforward fix: > > > > > > setsid() prevents TIOCSTI attack described in the report (easy to > > > reproduce), but it has side effects: It disconnects the task from job > > > control. With setsid(), ^Z cannot be used for sending the application > > > to background any more (easy to reproduce by calling setsid() > > > unconditionally in the same place). > > > > > > su-common.c now calls setsid() only if new session is requested. > > > > Yes, it's pretty stupid situation. > > > > We have exactly specified setsid() use-cases and now TIOCSTI ioctl > > forces us to modify the things (and maybe introduce regressions), > > because the crazy ioctl is not possible to disable by any another > > way... > > I would like to see a kernel support for selective disabling of TIOCSTI > without side effects like setsid() has. > > setsid() fallback would be used for kernels that don't support it. > > I am not sure, how complicated would be adding of such feature to the > kernel. I have applied patch based on libseccomp syscall filter: https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2 it works as expected, but IMHO it's workaround for our stupid kernel... Karel -- Karel Zak <kzak@xxxxxxxxxx> http://karelzak.blogspot.com -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
