bug#24541: runcon tty hijacking via TIOCSTI ioctl

2017-08-28 Thread Kamil Dudka
On Monday, August 28, 2017 11:51:12 AM CEST Pádraig Brady wrote:
> On 29/09/16 08:15, Bernhard Voelker wrote:
> > On 09/26/2016 05:53 PM, Paul Eggert wrote:
> >>> "I don't think we need to fix this for runcon, as it isn't as
> >>> sandboxing tool like sandbox, and the loss of job control would

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2017-08-28 Thread Pádraig Brady
On 29/09/16 08:15, Bernhard Voelker wrote:
> On 09/26/2016 05:53 PM, Paul Eggert wrote:
>>> "I don't think we need to fix this for runcon, as it isn't as
>>> sandboxing tool like sandbox, and the loss of job control would likely
>>> be much more noticeable for runcon."
>>
>> Thanks, closing the

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-29 Thread Bernhard Voelker
On 09/26/2016 05:53 PM, Paul Eggert wrote:
>> "I don't think we need to fix this for runcon, as it isn't as
>> sandboxing tool like sandbox, and the loss of job control would likely
>> be much more noticeable for runcon."
>
> Thanks, closing the debbugs bug report.

FWIW Karel just committed a

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-26 Thread Paul Eggert
"I don't think we need to fix this for runcon, as it isn't as sandboxing tool like sandbox, and the loss of job control would likely be much more noticeable for runcon." Thanks, closing the debbugs bug report.

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-26 Thread up201407890
Quoting "Paul Eggert" : Hello, I set the bug report here before I got a response from Paul Moore https://marc.info/?l=selinux&m=147481004710264&w=2 "I don't think we need to fix this for runcon, as it isn't as sandboxing tool like sandbox, and the loss of job control would

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-26 Thread Pádraig Brady
On 25/09/16 12:39, up201407...@alunos.dcc.fc.up.pt wrote:
> When executing a program via the runcon utility, the nonpriv session
> can escape to the parent session by using the TIOCSTI ioctl to push
> characters into the terminal's input buffer, allowing an attacker to
> execute arbitrary commands

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-26 Thread Pádraig Brady
On 25/09/16 12:39, up201407...@alunos.dcc.fc.up.pt wrote:
> When executing a program via the runcon utility, the nonpriv session
> can escape to the parent session by using the TIOCSTI ioctl to push
> characters into the terminal's input buffer, allowing an attacker to
> execute arbitrary commands

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-25 Thread Paul Eggert
up201407...@alunos.dcc.fc.up.pt wrote re : When executing a program via the runcon utility, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to execute arbitrary

bug#24541: runcon tty hijacking via TIOCSTI ioctl

2016-09-25 Thread up201407890
When executing a program via the runcon utility, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to execute arbitrary commands without the SELinux security context.

$ cat test.c
#include