[Bug 9401] privilege escalation with TIOCSTI ioctl from busybox su
bugzilla at busybox.net
bugzilla at busybox.net
Thu Nov 3 21:23:08 UTC 2016
https://bugs.busybox.net/show_bug.cgi?id=9401
--- Comment #2 from Denys Vlasenko <vda.linux at googlemail.com> ---
(In reply to Lizzie Dixon from comment #0)
Nasty.
However, this only works interactively, when root runs "su lizzie -c ./tiocsti"
from a command line shell. This will not work from a script, when stdin is not
used for command input.
I would think root should be a little suspicious when users ask him to run
unknown scripts via "su -c SCRIPT".
The solution used by "standard" su versions is to run -c SCRIPT in a new
session, IOW: without controlling tty (because TIOCSTI then does not work). In
practice, not having controlling tty is at times a serious inconvenience.
I'm not sure it makes sense to do this: for more contrived code, we can end up
having a somewhat _less_ usable tool.
For now I added comment explaining existence of this exploit.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list