Quoting "Phil Susi" <[email protected]>:
How does setsid() help this? And wouldn't it break the ability to use
ctrl-c and ctrl-z on the child program ( since the child won't have a
controlling terminal )? I would think the fix would be to simply flush
the terminal input buffer after the child exits.
Hello Phil,
Most of your questions are answered here:
https://bugzilla.redhat.com/show_bug.cgi?id=173008
And yes, there would be no job control if you started a shell from
there. This is why in "su" setsid() is called only with "-c",
partially fixing the issue. If one would to "su - user" it would still
be vulnerable.
http://www.openwall.com/lists/oss-security/2016/02/25/6
The same pkexec issue got assigned CVE-2016-2568 yesterday, if you
read my PS: "I don't believe any of the previous mentions of fixes for
"su" and
"sudo" would work here, since executing a shell via pkexec would make it not
have job control."
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.