author | Karel Zak | 2016-10-06 10:28:33 +0200 |
---|---|---|
committer | Karel Zak | 2016-10-06 10:28:33 +0200 |
commit | c39447445c12a21a85e42bc8dd7d70091298349d (patch) | |
tree | 8e68aece2eaec02f710deb03dcda9a2d7bdf878e /Documentation/releases/v2.29-ReleaseNotes | |
parent | Merge branch 'master' of https://github.com/Zeuh/util-linux (diff) | |
docs: update info about TIOCSTI
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'Documentation/releases/v2.29-ReleaseNotes')
-rw-r--r-- | Documentation/releases/v2.29-ReleaseNotes | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/Documentation/releases/v2.29-ReleaseNotes b/Documentation/releases/v2.29-ReleaseNotes index 656a6a9d6..fe556039a 100644 --- a/Documentation/releases/v2.29-ReleaseNotes +++ b/Documentation/releases/v2.29-ReleaseNotes @@ -4,8 +4,15 @@ Util-linux 2.29 Release Notes Security issues --------------- -CVE-2016-2779 -- fixed by workeround based on libseccomp, the workaround - disables TIOCSTI ioctl in su/runuser session. +CVE-2016-2779 + +This security issue is NOT FIXED yet. It is possible to disable the ioctl +TIOCSTI by setsid() only. Unfortunately, setsid() has well-defined use cases +in su(1) and runuser(1) and any changes would introduce regressions. It seems +we need a better way -- ideally another ioctl to disable TIOCSTI without +setsid() or in userspace implemented pty container (planned as experimental +feature). + Stable maintenance releases between v2.28 and v2.29 --------------------------------------------------- |
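Review bot: The new CVE-2016-2779 paragraph does not say what happened to the libseccomp workaround that the removed lines described as disabling TIOCSTI in su/runuser sessions. A reader comparing the two versions cannot tell whether that workaround was dropped from 2.29 or is still present but judged insufficient, so add one sentence stating its status. The sentence "It is possible to disable the ioctl TIOCSTI by setsid() only." is also ambiguous: it can be read as "setsid() alone is enough" or as "setsid() is the only available way", and the rest of the paragraph implies the second. Something like "Currently the only way to disable the TIOCSTI ioctl is setsid()" would remove the doubt. The closing clause "or in userspace implemented pty container" is hard to parse and would read better as "or a pty container implemented in userspace". Since the entry now announces an unfixed issue, consider also telling users what, if anything, they can do in the meantime when running su(1) or runuser(1).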