[Pkg-shadow-devel] Bug#628843: Bug#628843: login: tty hijacking - suggested solution inclusive patch

Wolfgang Zarre lkdev at essax.com
Sun Mar 31 17:34:51 UTC 2013


Hello,

> I've successfully tested an implementation which
> keeps the exploit running in the background
> _after_ returning control back to root user. The
> running exploit then periodically inserts commands
> into root terminal, like whoami, rm -rf / etc :)
> 
> So flushing the input queue isn't a complete
> solution.
> 

Yes, you are right, this might work due to the fact
that there is no control of additional forked
children.

Further, there is also the additional problem that
tty settings are not reset after return, which
can be annoying as well, but this is another story.

However, IMHO there might be two ways to handle
this issue: the first would be figuring out if
permissions could handle that, and the second
if it might be possible to control forked children.


Would it be possible for you to post your
implementation?

Thanks.

Best regards
Wolf


