oss-sec mailing list archives
Re: TIOCSTI not going away
From: Lizzie Dixon <_ () lizzie io>
Date: Sat, 3 Jun 2017 18:35:14 -0700
On 06/03, Solar Designer wrote:
Hi, Many su-like programs can be used to run other programs with reduced (or otherwise different, rather than strictly elevated) privileges. This includes su itself (such as when su'ing from root to a user), as well as various container entry commands, etc. Many (probably most) of those got it wrong at first, keeping the same tty across the privilege boundary. Numerous such issues were reported: [...] This list is not exhaustive.
For the benefit of the list: busybox su also has this issue, but the maintainer has declined to fix it. https://bugs.busybox.net/show_bug.cgi?id=9401 Best, L.
Current thread:
- TIOCSTI not going away Solar Designer (Jun 03)
- Re: TIOCSTI not going away Karel Zak (Jun 03)
- Re: TIOCSTI not going away Lizzie Dixon (Jun 03)
- Re: TIOCSTI not going away Solar Designer (Jun 29)
- Re: TIOCSTI not going away Nick Kralevich (Jun 29)
- Re: TIOCSTI not going away Todd C. Miller (Jun 29)
- Re: TIOCSTI not going away Christos Zoulas (Jun 29)