GNU bug report logs - #24541
runcon tty hijacking via TIOCSTI ioctl

Previous Next

Package: coreutils;

Reported by: up201407890 <at> alunos.dcc.fc.up.pt

Date: Sun, 25 Sep 2016 15:58:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Pádraig Brady <P <at> draigBrady.com>
To: 24541-done <at> debbugs.gnu.org
Subject: bug#24541: runcon tty hijacking via TIOCSTI ioctl
Date: Mon, 28 Aug 2017 02:51:12 -0700

[Message part 1 (text/plain, inline)]
On 29/09/16 08:15, Bernhard Voelker wrote:
> On 09/26/2016 05:53 PM, Paul Eggert wrote:
>>> "I don't think we need to fix this for runcon, as it isn't as
>>> sandboxing tool like sandbox, and the loss of job control would likely
>>> be much more noticeable for runcon."
>>
>> Thanks, closing the debbugs bug report.
> 
> FWIW Karel just committed a workaround for su/runuser in util-linux
> using libseccomp:
> 
> https://github.com/karelzak/util-linux/commit/8e492501

I think this issue is worth addressing with libseccomp.
That lib is a widely used dependency on SELinux systems
so not a significant dependency to add.
The attached uses libseccomp if available,
and falls back to using setsid() in the edge cases where not.

cheers,
Pádraig

[runcon-inject.patch (text/x-patch, attachment)]
This bug report was last modified 7 years and 270 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.