Quoting "Phil Susi" <[email protected]>:

How does setsid() help this?  And wouldn't it break the ability to use
ctrl-c and ctrl-z on the child program ( since the child won't have a
controlling terminal )?  I would think the fix would be to simply flush
the terminal input buffer after the child exits.


Hello Phil,

Most of your questions are answered here:
https://bugzilla.redhat.com/show_bug.cgi?id=173008

And yes, there would be no job control if you started a shell from there. This is why in "su" setsid() is called only with "-c", partially fixing the issue. If one would to "su - user" it would still be vulnerable.

http://www.openwall.com/lists/oss-security/2016/02/25/6

The same pkexec issue got assigned CVE-2016-2568 yesterday, if you read my PS: "I don't believe any of the previous mentions of fixes for "su" and
"sudo" would work here, since executing a shell via pkexec would make it not
have job control."


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Reply via email to