diff options
author | Pádraig Brady <P@draigBrady.com> | 2017-08-28 01:57:54 -0700 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2017-08-29 00:38:19 -0700 |
commit | 8cb06d4b44a67f89f24b25e2394365533f6e5968 (patch) | |
tree | 5a250b691b1b17f2d59d7e190c4a2649f7ee93e8 /src/local.mk | |
parent | 799bac0d06cfabe9491498727308df8d1aca6d98 (diff) | |
download | coreutils-8cb06d4b44a67f89f24b25e2394365533f6e5968.tar.gz |
runcon: disable use of the TIOCSTI ioctl
Similar to the issue with SELinux sandbox (CVE-2016-7545),
children of runcon can inject arbitrary input to the terminal
that would be run at the originating terminal privileges.
The new libseccomp dependency is widely available and used
on modern SELinux systems, but is not available by default
on older systems like RHEL6 etc.
* m4/jm-macros.m4: Check for libseccomp and
warn if unavailable on selinux supporting systems.
* src/local.mk: Link runcon with -lseccomp.
* src/runcon.c (disable_tty_inject): A new function to
disable use of the TIOCSTI using libseccomp, or with setsid()
where libseccomp is unavailable.
* tests/misc/runcon-no-inject.sh: A new test that uses
python to make the TIOCSTI call, and ensure that doesn't succeed.
* tests/local.mk: Reference the new test
* NEWS: Mention the fix.
Addresses http://bugs.gnu.org/24541
Diffstat (limited to 'src/local.mk')
-rw-r--r-- | src/local.mk | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/local.mk b/src/local.mk index 1cb685906..9275b1f2e 100644 --- a/src/local.mk +++ b/src/local.mk @@ -243,6 +243,7 @@ src_mkfifo_LDADD += $(LIB_SMACK) src_mknod_LDADD += $(LIB_SELINUX) src_mknod_LDADD += $(LIB_SMACK) src_runcon_LDADD += $(LIB_SELINUX) +src_runcon_LDADD += $(LIB_SECCOMP) src_stat_LDADD += $(LIB_SELINUX) # for nvlist_lookup_uint64_array |