Systemd Insecure PTY Handling Vulnerability

hackerhouse-opensource · hackerhouse-opensource · commit bdea5f0933c0 · 2024-05-04T09:54:33.000-05:00
diff --git a/systemd-run-tty.txt b/systemd-run-tty.txt
@@ -211,7 +211,6 @@ uid=1000(fantastic) gid=1000(fantastic) groups=1000(fantastic),90(network),96(sc
 ./ptypwn /dev/pts/3
 ./ptypwn /dev/pts/3
 
-
 /* ptypwn.c - use TIOCSTI ioctl to inject commands into user-owned pty */
 #include <fcntl.h>
 #include <stdio.h>
@@ -239,7 +238,7 @@ int main(int argc, char *argv[]) {
     return 0;
 }
 
-Additionally systemd-run supports a "--pipe" operation which will simply connect the privielged
+Additionally systemd-run supports a "--pipe" operation which will simply connect the privileged
 process to the same-user parent tty directly, this option should be removed entirely as it offers
 no protection against the attacks outlined above. 
 
