git.ipfire.org Git - thirdparty/coreutils.git/commit
runcon: disable use of the TIOCSTI ioctl
author Pádraig Brady <P@draigBrady.com>
Mon, 28 Aug 2017 08:57:54 +0000 (01:57 -0700)
committer Pádraig Brady <P@draigBrady.com>
Tue, 29 Aug 2017 07:38:19 +0000 (00:38 -0700)
commit 8cb06d4b44a67f89f24b25e2394365533f6e5968
tree 5a250b691b1b17f2d59d7e190c4a2649f7ee93e8
parent 799bac0d06cfabe9491498727308df8d1aca6d98
runcon: disable use of the TIOCSTI ioctl

Similar to the issue with SELinux sandbox (CVE-2016-7545),
children of runcon can inject arbitrary input to the terminal
that would be run at the originating terminal privileges.

The new libseccomp dependency is widely available and used
on modern SELinux systems, but is not available by default
on older systems like RHEL6 etc.

* m4/jm-macros.m4: Check for libseccomp and
warn if unavailable on selinux supporting systems.
* src/local.mk: Link runcon with -lseccomp.
* src/runcon.c (disable_tty_inject): A new function to
disable use of the TIOCSTI using libseccomp, or with setsid()
where libseccomp is unavailable.
* tests/misc/runcon-no-inject.sh: A new test that uses
python to make the TIOCSTI call, and ensure that doesn't succeed.
* tests/local.mk: Reference the new test
* NEWS: Mention the fix.

Addresses http://bugs.gnu.org/24541

NEWS
m4/jm-macros.m4
src/local.mk
src/runcon.c
tests/local.mk
tests/misc/runcon-no-inject.sh [new file with mode: 0755]
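
The mitigation named in the commit message (making the TIOCSTI ioctl fail for everything runcon launches), as an added example that is not coreutils' own code: it installs a raw seccomp-BPF filter through prctl() rather than using libseccomp, so it builds without that library. The name `deny_tiocsti`, the kill action for foreign ABIs and the restriction to x86_64 and aarch64 are choices of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined __x86_64__
# define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined __aarch64__
# define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
# error "set NATIVE_ARCH to this architecture's AUDIT_ARCH_* value"
#endif

/* The kernel takes ioctl's cmd as a 32-bit value, so the filter compares
   only the low word of args[1]; stray high bits cannot dodge the match.  */
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define CMD_LO (offsetof (struct seccomp_data, args[1]) + 4)
#else
# define CMD_LO (offsetof (struct seccomp_data, args[1]))
#endif

/* deny_tiocsti (hypothetical name): make ioctl (fd, TIOCSTI, ...) fail with
   EPERM here and in every later fork/exec.  Returns 0, or -1 with errno.  */
static int deny_tiocsti (void)
{
  struct sock_filter prog[] = {
    /* Pin the ABI first: syscall numbers differ per architecture, and
       x32 calls share AUDIT_ARCH_X86_64 but set bit 30 in nr.  */
    BPF_STMT (BPF_LD | BPF_W | BPF_ABS, offsetof (struct seccomp_data, arch)),
    BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 7),
    BPF_STMT (BPF_LD | BPF_W | BPF_ABS, offsetof (struct seccomp_data, nr)),
    BPF_JUMP (BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 5, 0),
    BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, SYS_ioctl, 0, 3),
    BPF_STMT (BPF_LD | BPF_W | BPF_ABS, CMD_LO),
    BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),
    BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_KILL),   /* foreign ABI */
  };
  struct sock_fprog fprog = { .len = sizeof prog / sizeof *prog, .filter = prog };
  /* Unprivileged filter installation requires no_new_privs.  */
  if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
    return -1;
  return prctl (PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
```

no_new_privs and the filter are inherited across fork and execve and cannot be removed, and no_new_privs also suppresses setuid and similar exec-time privilege gains, so check that the launched command does not depend on them.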