Red Hat Bugzilla – Bug 1312852
CVE-2016-2779 util-linux: runuser tty hijack via TIOCSTI ioctl
Last modified: 2017-03-09 20:35:31 EST
It was found that when executing a program via "runuser -u nonpriv program" the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing privilege escalation. This issue has been fixed in "su" by calling setsid() and in "sudo" by using the "use_pty" flag.
CVE request (contains reproducer):
Created util-linux tracking bugs for this issue:
Affects: fedora-all [bug 1312855]
Upstream libseccomp based workaround: