oss-sec mailing list archives
Re: CVE-2016-7545 -- SELinux sandbox escape
From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 26 Sep 2016 18:54:09 +0200
* up201407890 () alunos dcc fc up pt, 2016-09-25, 13:49:
When executing a program via the SELinux sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
Apparently every single program that tries to run stuff with reduced privileges falls through this trap.
Are there any use cases for TIOCSTI other than producing exploits? -- Jakub Wilk
Current thread:
- CVE-2016-7545 -- SELinux sandbox escape up201407890 (Sep 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape John Haxby (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape up201407890 (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas (Sep 26)
- Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 29)
- Re: CVE-2016-7545 -- SELinux sandbox escape Christos Zoulas (Sep 29)
- Re: CVE-2016-7545 -- SELinux sandbox escape Jakub Wilk (Sep 26)