author: Pádraig Brady <P@draigBrady.com>, 2017-08-28 01:57:54 -0700
committer: Pádraig Brady <P@draigBrady.com>, 2017-08-29 00:38:19 -0700
commit: 8cb06d4b44a67f89f24b25e2394365533f6e5968
tree: 5a250b691b1b17f2d59d7e190c4a2649f7ee93e8 /m4/jm-macros.m4
parent: 799bac0d06cfabe9491498727308df8d1aca6d98
runcon: disable use of the TIOCSTI ioctl
Similar to the issue with SELinux sandbox (CVE-2016-7545),
children of runcon can inject arbitrary input to the terminal
that would be run at the originating terminal privileges.
The new libseccomp dependency is widely available and used
on modern SELinux systems, but is not available by default
on older systems like RHEL6 etc.
* m4/jm-macros.m4: Check for libseccomp and
warn if unavailable on selinux supporting systems.
* src/local.mk: Link runcon with -lseccomp.
* src/runcon.c (disable_tty_inject): A new function to
disable use of the TIOCSTI using libseccomp, or with setsid()
where libseccomp is unavailable.
* tests/misc/runcon-no-inject.sh: A new test that uses
python to make the TIOCSTI call, and ensure that doesn't succeed.
* tests/local.mk: Reference the new test.
* NEWS: Mention the fix.
Addresses http://bugs.gnu.org/24541
Diffstat (limited to 'm4/jm-macros.m4')
-rw-r--r-- m4/jm-macros.m4 | 13
1 files changed, 13 insertions, 0 deletions
diff --git a/m4/jm-macros.m4 b/m4/jm-macros.m4 index ef915bd37..de0657b82 100644 --- a/m4/jm-macros.m4 +++ b/m4/jm-macros.m4 @@ -63,6 +63,19 @@ AC_DEFUN([coreutils_MACROS], esac fi ]) + + # Used by runcon.c + LIB_SECCOMP= + AC_SUBST([LIB_SECCOMP]) + if test "$with_selinux" != no; then + AC_SEARCH_LIBS([seccomp_init], [seccomp], + [test "$ac_cv_search_seccomp_init" = "none required" || + LIB_SECCOMP=$ac_cv_search_seccomp_init + AC_DEFINE([HAVE_SECCOMP], [1], [libseccomp usability])], + [test "$ac_cv_header_selinux_selinux_h" = yes && + AC_MSG_WARN([libseccomp library was not found or not usable]) + AC_MSG_WARN([runcon will be vulnerable to tty injection])]) + fi LIBS=$coreutils_saved_libs # Used by sort.c. |
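Review bot: the added AC_SEARCH_LIBS([seccomp_init], [seccomp], ...) only proves that libseccomp links, so HAVE_SECCOMP is a build-time fact and says nothing about whether the kernel runcon eventually runs on accepts seccomp filters; the setsid() fallback described in the commit message must therefore also be taken in runcon.c when loading the filter fails at run time, otherwise the TIOCSTI protection degrades silently on such kernels. A second, smaller point: the action-if-not-found branch warns only when `$ac_cv_header_selinux_selinux_h` is yes, so a build where `$with_selinux` is explicitly set but the SELinux header is missing prints nothing about the tty-injection exposure; gating the two AC_MSG_WARN calls on `$with_selinux` alone would make the degraded configuration visible in every case it can occur. Restoring LIBS from $coreutils_saved_libs right after the block keeps -lseccomp out of the global LIBS, which is the right call given that src/local.mk links runcon with it explicitly.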