Re: Fixing su + runuser vulnerability CVE-2016-2779

On Sun, Oct 02, 2016 at 03:16:00PM +0200, Florian Weimer wrote:
> * Karel Zak:
> 
> > I have applied a patch based on libseccomp syscall filter:
> >
> >    https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2
> >
> > it works as expected, but IMHO it's a workaround for our stupid kernel...
> 
> How does this work?
> 
> Isn't it possible to pass the descriptor to another, unrestricted
> process (perhaps spawned from cron) and then run the ioctl from there?

 Good point, I don't know. The question is how secure TIOCSTI
 itself is: does it work for an arbitrary other process without
 any relation to the original tty processes?

 The ioctl should be fired in the hell... :-)

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
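
The question above turns on a seccomp filter being attached to a process and its descendants, not to the terminal descriptor. The following is an added example, not the code from the util-linux commit: it uses a raw seccomp-BPF program instead of libseccomp, the names `deny_tiocsti` and `tiocsti_errno` are hypothetical, and it assumes Linux on a little-endian machine. It issues TIOCSTI on /dev/null only, so nothing is injected; the filtered child gets EPERM while an unfiltered process making the same call gets past the filter and receives ENOTTY from the driver.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumptions (added example): little-endian, one syscall ABI; a production filter also checks seccomp_data.arch. */
static int deny_tiocsti(void) {
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),   /* not ioctl: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])), /* request, low 32 bits */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),      /* other request: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(insns) / sizeof(insns[0]), .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a child, optionally filter it, and return the errno its TIOCSTI call received. */
int tiocsti_errno(int filtered) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        char c = 'x';
        if (filtered && deny_tiocsti() != 0) _exit(255);   /* filter could not be installed */
        int fd = open("/dev/null", O_RDWR);                /* not a tty: nothing is injected */
        _exit(fd >= 0 && ioctl(fd, TIOCSTI, &c) == -1 ? errno : 254);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("filtered: errno %d, unfiltered: errno %d\n", tiocsti_errno(1), tiocsti_errno(0));
    return 0;
}
```

The second result is the case the question describes: a process that never inherited the filter is not restricted by it, whatever descriptor it holds.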