Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Feb 2016 17:14:09 +0500
From: "Alexander E. Patrakov" <patrakov@...il.com>
To: oss-security@...ts.openwall.com, up201407890@...nos.dcc.fc.up.pt
Cc: cve-assign@...re.org
Subject: Re: Re: CVE Request: util-linux runuser tty hijacking
 via TIOCSTI ioctl

27.02.2016 18:44, cve-assign@...re.org пишет:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>> When executing a program via "runuser -u nonpriv program" the
>> nonpriv session can
>> escape to the parent session by using the TIOCSTI ioctl to push
>> characters into the
>> terminal's input buffer
>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922
>
> Use CVE-2016-2779.

One more case:

chroot --userspec=someuser:somegroup / /path/to/test

This also runs "id" at the end.

-- 
Alexander E. Patrakov

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ