Date: Sun, 28 Feb 2016 17:14:09 +0500
From: "Alexander E. Patrakov" <>
Subject: Re: Re: CVE Request: util-linux runuser tty hijacking
 via TIOCSTI ioctl

27.02.2016 18:44, wrote:
>> When executing a program via "runuser -u nonpriv program" the nonpriv
>> session can escape to the parent session by using the TIOCSTI ioctl to
>> push characters into the terminal's input buffer
> Use CVE-2016-2779.

One more case:

chroot --userspec=someuser:somegroup / /path/to/test

This also runs "id" at the end.

Alexander E. Patrakov
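
An added example, not part of the original message and not code from util-linux or coreutils: one launcher-side mitigation for the issue discussed in this thread is to call setsid() before running the unprivileged program, because Linux refuses TIOCSTI with EPERM unless the tty is the caller's controlling terminal or the caller has CAP_SYS_ADMIN. The helper names `run_detached` and `has_controlling_tty` are hypothetical, and the choice of setsid() as the mitigation is an assumption of this example rather than something stated in the thread.

```c
/* Added example (not from the thread): run a program in a new session so it has no controlling tty. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if this process still has a controlling terminal, else 0. */
static int has_controlling_tty(void)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0)
        return 0;               /* ENXIO after setsid(): no controlling tty */
    close(fd);
    return 1;
}

/* Hypothetical helper: fork, setsid(), switch to uid/gid if they differ from
 * the caller's, then exec argv. argv == NULL is a self-check: the child exits
 * 0 only if it has no controlling terminal. Returns exit status, -1 on error. */
int run_detached(uid_t uid, gid_t gid, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setsid() < 0)       /* must precede exec of the untrusted program */
            _exit(126);
        if ((uid != getuid() || gid != getgid()) &&
            (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
            _exit(126);         /* refuse to run if the privilege drop failed */
        if (argv == NULL)
            _exit(has_controlling_tty());
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("detached child has controlling tty: %d\n", run_detached(getuid(), getgid(), NULL));
    return 0;
}
```

The detached program no longer receives terminal-generated signals such as Ctrl-C, which is the trade-off of this approach; a real launcher must also pass a non-root uid, since a process that keeps CAP_SYS_ADMIN is not covered by the controlling-terminal check.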
