When starting a program via "su - user -c program" the user session can escape
to the parent session by using the TIOCSTI ioctl to push characters into the
input buffer. This allows for example a non-root session to push
"chmod 666 /etc/shadow" or similarly bad commands into the input buffer such
that after the end of the session they are executed.
 mdeslaur> sudo is also apprently vulnerable to this, so the use_pty
 mdeslaur> option was added. We need to verify versions, and make sure
 mdeslaur> it is actually getting honored (apparently the option wasn't
 mdeslaur> working:
 jdstrand> sudo in 12.04 and higher has the fix for use_pty. A small patch
  ( can be used to enable it
  on Ubuntu 11.04 and 11.10.
 mdeslaur> Please note that use_pty is not enabled by default in sudo, it
 mdeslaur> must be specifically enabled.
 sarnold> su interactive has the same problem, no fix known on 20130305
Upstream:released (1:4.1.5-1)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1:
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
More Information

Updated: 2019-01-14 21:14:09 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)