Quoting "Simon McVittie" :
Control: reassign 850702 bubblewrap 0~git160513-1
Control: forwarded 850702
https://github.com/projectatomic/bubblewrap/issues/142
Control: tags 850702 + security upstream
On Mon, 09 Jan 2017 at 14:19:36 +0100, up201407...@alunos.dcc.fc.up.pt wrote:
When executing
Source: bubblewrap
Version: All
Severity: grave
Hi,
When executing a program via the bubblewrap sandbox, the nonpriv
session can escape to the parent session by using the TIOCSTI ioctl to
push characters into the terminal's input buffer, allowing an attacker
to escape the sandbox.
This has been
Quoting "Ola Lundqvist" :
This is known.
I "complained" at the time, as it can be seen here:
https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
Version: all (see note below)
Hardware: all
Operating system: Debian GNU Linux (but all should be affected)
Compiler: gcc
Hi
In CVE-
Quoting "Simon Ruderich" :
It's an invasion of privacy, as I said, for normal users.
In your case, if you're changing to an unprivileged user without a
shell nor password, probably some sort of "locked" account, how is an
attacker going to make use of TIOCSTI to exploit your system?
(Assum
Quoting "Karel Zak" :
Anyways, it is bad admin practice and/or an invasion of privacy to su
to an unprivileged user.
This has been talked alot in the past, in most of the times even
closed as "WONTFIX".
What I'm saying is, it's OK if you can't come up with something.
Better use 'su -c'
Quoting "Simon Ruderich" :
Loss of job control in the shell.
On Mon, Oct 03, 2016 at 04:22:47PM +0200, Karel Zak wrote:
The problem is that we don't want to use setsid() in all situations,
because it will introduce regressions. From util-linux ReleaseNotes:
Hello,
Thanks for your quick repl
Quoting "Simon Ruderich" :
Btw, at least in redhat based systems, su uses setsid() when the -c
option is given, just like use_pty in sudo. Not sure if this is true
in debian.
On Sun, Oct 02, 2016 at 10:54:06AM +0200,
up201407...@alunos.dcc.fc.up.pt wrote:
Hello Simon,
This has been rece
Hello Simon,
This has been recently patched by using seccomp to blacklist this ioctl.
https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2
This message was sent using IMP, the Internet Messaging P
Package: policycoreutils
Severity: important
Tags: security
Hi,
When executing a program via the SELinux sandbox, the nonpriv session
can escape to the parent session by using the TIOCSTI ioctl to push
characters into the terminal's input buffer, allowing an attacker to
escape the sandbox.
Package: rsyslog
Version: 7.4.8
Severity: important
Tags: security
Hi,
It seems to me that it is possible to inject terminal escape sequences
into log files via syslog(3)
# tail -f /var/log/messages
Aug 23 13:50:33 ghetto kernel: ACPI Error: Method parse/execution
failed [\_GPE._L10] (Nod
Quoting "Phil Susi" :
On 2/27/2016 4:23 AM, up201407...@alunos.dcc.fc.up.pt wrote:
And yes, there would be no job control if you started a shell from
there. This is why in "su" setsid() is called only with "-c", partially
fixing the issue. If one would to "su - user" it would still be vulnerabl
Quoting "Phil Susi" :
How does setsid() help this? And wouldn't it break the ability to use
ctrl-c and ctrl-z on the child program ( since the child won't have a
controlling terminal )? I would think the fix would be to simply flush
the terminal input buffer after the child exits.
Hello Phi
Package: util-linux
Version: all
Severity: important
When executing a program via "runuser -u nonpriv program" the
nonpriv session can
escape to the parent session by using the TIOCSTI ioctl to push
characters into the
terminal's input buffer, allowing privilege escalation.
This issue has been f
Package: policykit-1
Version: all
Severity: important
File: /usr/bin/pkexec
When executing a program via "pkexec --user nonpriv program" the
nonpriv session can escape to the parent session by using the TIOCSTI
ioctl to push characters into the terminal's input buffer, allowing
privilege es
Package: util-linux
Version: 2.26.2
Actually, all versions of util-linux are affected.
Hello, Federico Bento here.
During a recent assessment I have stumbled across a system which had
hwclock(8) setuid root
$ man hwclock | sed -n '223,231p'
Users access and setuid
Sometimes, you nee
Package: perl
Version: 5
Hello. My name is Federico Manuel Bento, and i have found what it
_appears_ to be a buffer overflow on the a2p (awk2perl)
utility. It comes by default on several different systems.
Tested on Fedora 20, Fedora 19, Debian, and works probably on every
UNIX-likes inclu
16 matches
Mail list logo
