[Salvatore Bonaccorso]
> the following vulnerability was published for coreutils.
>
> CVE-2016-2781[0]:
> |nonpriv session can escape to the parent session by using the TIOCSTI
> | ioctl

This seems to be a similar issue to <URL: https://security-tracker.debian.org/tracker/CVE-2016-2568 > in pkexec, which in its bug report #812512 mentions a similar issue in su (CVE-2005-4890) solved using setsid() and in sudo solved using the "use_pty" flag. Perhaps one of these techniques might be usable here too?

I also found <URL: https://cxsecurity.com/issue/WLB-2012110063 > going into details regarding su and vserver being hit by a similar problem.

-- 
Happy hacking
Petter Reinholdtsen

