On 2/27/2016 4:23 AM, up201407...@alunos.dcc.fc.up.pt wrote: > And yes, there would be no job control if you started a shell from > there. This is why in "su" setsid() is called only with "-c", partially > fixing the issue. If one would to "su - user" it would still be vulnerable.
That isn't good. Shouldn't only the foreground process group be allowed to use this ioctl, thus preventing any background forked processes from exploiting this?