Warning if used without --new-session

[valoq]

With version 0.1.7 the unconditional call of setsid() has been replaced with the --new-session option and the hint to alternativly use seccomp filter to neutralize the TIOCSTI issue.

However i feel like this is somewhat risky, as few users will read the release notes and consequently use the new option. Using something like --no-new-session and calling setsid by default would be a more secure approach, but I suspect this is not wanted.

One idea to solve this would be to display a warning if bwrap is used without --new-session.

[alexlarsson]

Well, that would display a warning for every flatpak application, even though flatpak is safe (it uses seccomp to work around the issue instead).

[valoq]

How about displaying the warning only if neither --new-session nor --seccomp is used, assuming flatpak does use seccomp like that with bubblewrap.

[cgwalters]

I'd also add the condition that we actually have a controlling terminal. I know of at least one user of bubblewrap that uses it for server code that doesn't have a ctty, and hence the vulnerability doesn't apply.

[valoq]

So what about displaying a warning under these conditions:

• no new-seccion
• no seccomp
• use of a controlling terminal