Commit
Avoid TIOCSTI abuse by the monkeysphere user
Since util-linux 2.31, runuser has had support (sometimes undocumented) for defense against terminal hijacking via TIOCSTI or other techniques, by passing a --pty argument.

That option is [no longer experimental](util-linux/util-linux#760), so monkeysphere-authentication should use it if it is available.

This defends against a compromised monkeysphere user being able to attack the superuser when invoked under a controlling terminal.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
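The "use it if it is available" check described in the commit message, as an added shell example that is not from the commit or from monkeysphere itself. The function names and the `RUNUSER` override are hypothetical, and gating on the util-linux version is an assumption based on the message's "Since util-linux 2.31".

```shell
#!/bin/sh
# Added example, not monkeysphere's code. Function names and the RUNUSER
# override are hypothetical; version gating is an assumption taken from the
# commit message ("Since util-linux 2.31").

# Succeed if a `runuser --version` banner reports util-linux >= 2.31.
# $1: banner text such as "runuser from util-linux 2.37.2"
version_has_pty() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*util-linux \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 1          # unparseable banner: assume no --pty
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 31 ]; }
}

# Run a command as an unprivileged user, adding --pty when supported so the
# child gets its own pseudo-terminal instead of the caller's controlling tty.
# $1: user name; remaining arguments: command and its arguments
run_as() {
    target_user=$1
    shift
    banner=$("${RUNUSER:-runuser}" --version 2>/dev/null) || banner=
    if version_has_pty "$banner"; then
        set -- --pty -u "$target_user" -- "$@"
    else
        set -- -u "$target_user" -- "$@"
    fi
    "${RUNUSER:-runuser}" "$@"
}

# Constructed sample banners, to show the gating decision without root.
for sample in "runuser from util-linux 2.30.2" "runuser from util-linux 2.31" \
              "runuser from util-linux 2.37.2"; do
    if version_has_pty "$sample"; then
        echo "$sample: use --pty"
    else
        echo "$sample: fall back to plain runuser"
    fi
done
```

Because the commit message notes the option is sometimes undocumented, this example keys on the version banner rather than searching `--help` output for `--pty`.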