On 2/25/2016 1:51 PM, [email protected] wrote:
> When executing a program via "runuser -u nonpriv program" the
> nonpriv session can
> escape to the parent session by using the TIOCSTI ioctl to push
> characters into the
> terminal's input buffer, allowing privilege escalation.
> This issue has been fixed in "su" by calling setsid() and in "sudo" by
> using the "use_pty" flag

How does setsid() help this?  And wouldn't it break the ability to use
ctrl-c and ctrl-z on the child program ( since the child won't have a
controlling terminal )?  I would think the fix would be to simply flush
the terminal input buffer after the child exits.

Reply via email to