Avoid TIOCSTI abuse by the monkeysphere user

Since util-linux 2.31, runuser has has support (sometimes undocumented) for defense against terminal hijacking via TIOCSTI or other techniques, by passing a --pty argument. That option is [no longer experimental](util-linux/util-linux#760), so monkeysphere-authentication should use it if it is available. This defends against a compromised monkeysphere user being able to attack the superuser when invoked under a controlling terminal. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
dkg · Mar 5, 2019 · 97ade31 · 97ade31
1 parent d558bf0
commit 97ade31
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/share/common b/src/share/common
@@ -110,8 +110,12 @@ run_as_monkeysphere_user() {
 
          # if root, run command as monkeysphere user
 	'root')
+            local -a runuser_args=(--user "$MONKEYSPHERE_USER")
+            if runuser --help | grep -q -- --pty; then
+                runuser_args+=(--pty)
+            fi
             # requote arguments using bash builtin feature (see "help printf"):
-	    runuser -u "$MONKEYSPHERE_USER" -- "$@"
+	    runuser "${runuser_args[@]}" -- "$@"
 	    ;;
 
 	# otherwise, fail