oss-sec mailing list archives

Re: TIOCSTI not going away


From: Lizzie Dixon <_ () lizzie io>
Date: Sat, 3 Jun 2017 18:35:14 -0700

On 06/03, Solar Designer wrote:
> Hi,
>
> Many su-like programs can be used to run other programs with reduced (or
> otherwise different, rather than strictly elevated) privileges.  This
> includes su itself (such as when su'ing from root to a user), as well as
> various container entry commands, etc.
>
> Many (probably most) of those got it wrong at first, keeping the same
> tty across the privilege boundary.  Numerous such issues were reported:

[...]

> This list is not exhaustive.

For the benefit of the list: busybox su also has this issue, but the
maintainer has declined to fix it.

https://bugs.busybox.net/show_bug.cgi?id=9401

Best,

L.

