]> git.ipfire.org Git - thirdparty/util-linux.git/commit
projects / thirdparty / util-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a0a8e98) | patch
su,runuser: add libseccomp based workaround for TIOCSTI ioctl
authorKarel Zak <kzak@redhat.com>
Thu, 29 Sep 2016 14:32:33 +0000 (16:32 +0200)
committerKarel Zak <kzak@redhat.com>
Thu, 29 Sep 2016 14:32:33 +0000 (16:32 +0200)
commit8e4925016875c6a4f2ab4f833ba66f0fc57396a2
treea6cb7d8cd2d619895c6de6975fe6c904875e5cc5tree | snapshot
parenta0a8e9884443601abf9f06b715f2f6bb0820cbadcommit | diff
su,runuser: add libseccomp based workaround for TIOCSTI ioctl

This patch add libseccomp based syscalls filter to disable TIOCSTI
ioctl in su/runuser children.

IMHO it is not elegant solution due to dependence on libseccomp
(--without-seccomp if hate it)... but there is nothing better for now.

Addresses: CVE-2016-2779
Signed-off-by: Karel Zak <kzak@redhat.com>
configure.ac diff | blob | blame | history
login-utils/Makemodule.am diff | blob | blame | history
login-utils/su-common.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.