On 2/25/2016 1:51 PM, [email protected] wrote: > When executing a program via "runuser -u nonpriv program" the > nonpriv session can > escape to the parent session by using the TIOCSTI ioctl to push > characters into the > terminal's input buffer, allowing privilege escalation. > This issue has been fixed in "su" by calling setsid() and in "sudo" by > using the "use_pty" flag
How does setsid() help this? And wouldn't it break the ability to use ctrl-c and ctrl-z on the child program ( since the child won't have a controlling terminal )? I would think the fix would be to simply flush the terminal input buffer after the child exits.

