From ed062f6da5c8ec4c0d8a42f099c7f4eb73e3a1cd Mon Sep 17 00:00:00 2001
From: Piraty
Date: Fri, 17 Feb 2023 01:53:23 +0100
Subject: [PATCH] use bwrap --new-session to prevent tty hijacking

`man bwrap`
> Create a new terminal session for the sandbox (calls setsid()).
https://www.openwall.com/lists/oss-security/2017/06/03/9
https://github.com/ncopa/su-exec/issues/23
https://github.com/tianon/gosu/issues/37
https://ruderich.org/simon/notes/su-sudo-from-root-tty-hijacking
Relates-to: https://github.com/Piraty/bubblejail/issues/2
---
 bubblejail | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bubblejail b/bubblejail
index 481c35e..f40694b 100755
--- a/bubblejail
+++ b/bubblejail
@@ -265,6 +265,7 @@ exec env -i bwrap \
 --symlink /tmp var/tmp \
 --dir "$HOME" \
 --chdir "$HOME" \
+ --new-session \
 --as-pid-1 \
 --die-with-parent \
 --setenv PATH /usr/bin \
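Review bot: The added `--new-session` argument has no in-file explanation. Because it sits in a backslash-continued argument list, the comment cannot go on the line itself; it would have to go above the `exec env -i bwrap \` command, which starts outside this hunk. Something like `# --new-session: setsid() detaches the sandbox from the caller's controlling tty so it cannot inject input (TIOCSTI)` would record why the flag is there. Interactive shells inside the sandbox will likely lose job control as a side effect, and without the comment a later maintainer may drop the flag to get it back. bwrap's manual recommends blocking the TIOCSTI ioctl with seccomp when this flag is not used, so any future opt-out should come with that filter.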