From c39447445c12a21a85e42bc8dd7d70091298349d Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Thu, 6 Oct 2016 10:28:33 +0200 Subject: [PATCH] docs: update infor about TIOCSTI Signed-off-by: Karel Zak --- Documentation/TODO | 4 ++++ Documentation/releases/v2.29-ReleaseNotes | 11 +++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/Documentation/TODO b/Documentation/TODO index af00ab33bb..c86f0996ea 100644 --- a/Documentation/TODO +++ b/Documentation/TODO @@ -1,6 +1,10 @@ Note that items with (!) have high priority. +su/runuser: + - (!) implement pty container for all su/runuser session (something like + script(1)) to separate user from the original terminal (see CVE-2016-2779) + - add functions strtime_short(), strtime_iso(), strtime_ctime(), ... - cleanup lib/path.c: diff --git a/Documentation/releases/v2.29-ReleaseNotes b/Documentation/releases/v2.29-ReleaseNotes index 656a6a9d6b..fe556039a2 100644 --- a/Documentation/releases/v2.29-ReleaseNotes +++ b/Documentation/releases/v2.29-ReleaseNotes @@ -4,8 +4,15 @@ Util-linux 2.29 Release Notes Security issues --------------- -CVE-2016-2779 -- fixed by workeround based on libseccomp, the workaround - disables TIOCSTI ioctl in su/runuser session. +CVE-2016-2779 + +This security issue is NOT FIXED yet. It is possible to disable the ioctl +TIOCSTI by setsid() only. Unfortunately, setsid() has well-defined use cases +in su(1) and runuser(1) and any changes would introduce regressions. It seems +we need a better way -- ideally another ioctl to disable TIOCSTI without +setsid() or in userspace implemented pty container (planned as experimental +feature). + Stable maintenance releases between v2.28 and v2.29 --------------------------------------------------- -- 2.47.3