Systemd Insecure PTY Handling Vulnerability

hackerhouse-opensource · hackerhouse-opensource · commit 4d3b74d9150b · 2024-05-04T09:47:40.000-05:00
diff --git a/systemd-run-tty.txt b/systemd-run-tty.txt
@@ -239,6 +239,10 @@ int main(int argc, char *argv[]) {
     return 0;
 }
 
+Additionally systemd-run supports a "--pipe" operation which will simply connect the privielged
+process to the same-user parent tty directly, this option should be removed entirely as it offers
+no protection against the attacks outlined above. 
+
 PolicyKit / sudoer Configuration Discrepancy
 ============================================
 It is worth noting that a common misconfiguration can present itself in systemd/policykit Linux 
