Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 3 Jun 2017 18:35:14 -0700
From: Lizzie Dixon <>
Subject: Re: TIOCSTI not going away

On 06/03, Solar Designer wrote:
> Hi,
> Many su-like programs can be used to run other programs with reduced (or
> otherwise different, rather than strictly elevated) privileges.  This
> includes su itself (such as when su'ing from root to a user), as well as
> various container entry commands, etc.
> Many (probably most) of those got it wrong at first, keeping the same
> tty across the privilege boundary.  Numerous such issues were reported:
> [...]
> This list is not exhaustive.

For the benefit of the list: busybox su also has this issue, but the
maintainer has declined to fix it.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ