oss-sec mailing list archives
Re: TTY pushback vulnerabilities / TIOCSTI
From: Peter Bex <peter () more-magic net>
Date: Tue, 14 Mar 2023 12:10:37 +0100
On Tue, Mar 14, 2023 at 12:01:17PM +0100, Hanno Böck wrote:
> On Tue, 14 Mar 2023 11:46:33 +0100 Peter Bex <peter () more-magic net> wrote:
> > Indeed, opendoas (the portable version of OpenBSD's "doas") has this
> > exact bug as well: https://github.com/Duncaen/OpenDoas/issues/106
>
> Though some context is relevant here: doas is a tool from OpenBSD.
> According to the Linux kernel commit message [1] OpenBSD has fixed this
> already 3 years ago by entirely removing TIOCSTI [2][3].
Indeed, the GitHub issue makes this clear as well (that's why I specifically mentioned opendoas and not doas in general). It just shows that even for security-minded folks it's a big trap to fall into. This is the case *especially* when either a) the developers are mainly working on OpenBSD or b) it's a port from OpenBSD, because it isn't even an issue there. And you wouldn't expect an OpenBSD developer to include a PTY-allocating feature unless they explicitly also target Linux.

From a very cursory search, it looks like NetBSD and FreeBSD haven't disabled the option either, so more fun to be had if they include doas versions as well.

Cheers,
Peter
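The "PTY allocating feature" mentioned above is the usual mitigation for TTY pushback when the kernel still honours TIOCSTI: a privilege-switching tool runs the child on a freshly allocated pseudo-terminal in its own session, so the child's controlling terminal is the throwaway pty rather than the invoking user's terminal. The following is an added illustration of that pattern and is not code from doas, opendoas or anyone in this thread; it uses only the POSIX pty calls (posix_openpt, grantpt, unlockpt, ptsname) plus the Linux/BSD TIOCSCTTY ioctl, and the function name run_on_fresh_pty is my own.

```c
/* Added example (not from the thread or from doas/opendoas): run a command
 * on a freshly allocated pty so that its controlling terminal is not the
 * caller's terminal.  Build: cc -o fresh_pty fresh_pty.c */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run argv[0] on a new pseudo-terminal and copy whatever it writes into
 * `out` (NUL-terminated, truncated to outsz-1 bytes).
 *
 * The child is placed in a new session whose controlling terminal is the
 * new pty slave.  Anything it pushes into a terminal input queue (for
 * example with TIOCSTI on a kernel that still allows it) therefore lands in
 * the throwaway pty, not in the terminal the privileged tool was started
 * from.  That is the mitigation the thread calls "a PTY allocating feature".
 *
 * Returns the child's exit status, or -1 if no pty could be allocated,
 * fork() failed, or the child was terminated by a signal.
 */
int run_on_fresh_pty(char *const argv[], char *out, size_t outsz) {
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0) return -1;
    if (grantpt(master) < 0 || unlockpt(master) < 0) { close(master); return -1; }
    const char *name = ptsname(master);
    if (name == NULL) { close(master); return -1; }
    /* Open the slave in the parent too, so the master side never observes
     * a pty that was never attached (the same thing forkpty() does). */
    int slave = open(name, O_RDWR | O_NOCTTY);
    if (slave < 0) { close(master); return -1; }

    pid_t pid = fork();
    if (pid < 0) { close(slave); close(master); return -1; }
    if (pid == 0) {
        close(master);
        (void)setsid();                        /* leave the caller's session and tty */
        (void)ioctl(slave, TIOCSCTTY, 0);      /* adopt the new pty as controlling tty */
        dup2(slave, STDIN_FILENO);
        dup2(slave, STDOUT_FILENO);
        dup2(slave, STDERR_FILENO);
        if (slave > STDERR_FILENO) close(slave);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(slave);                              /* parent keeps only the master side */

    /* Relay the child's output.  On Linux the read fails with EIO once the
     * last slave descriptor is closed; other systems return 0.  Either ends
     * the loop. */
    size_t used = 0;
    for (;;) {
        char buf[256];
        ssize_t n = read(master, buf, sizeof buf);
        if (n <= 0) break;
        size_t room = outsz > used + 1 ? outsz - used - 1 : 0;
        size_t take = (size_t)n < room ? (size_t)n : room;
        memcpy(out + used, buf, take);
        used += take;
    }
    if (outsz > 0) out[used] = '\0';
    close(master);

    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    char out[4096];
    int rc = run_on_fresh_pty(argv + 1, out, sizeof out);
    fputs(out, stdout);
    return rc < 0 ? 1 : rc;
}
```

The relay here only copies the child's output back; a real tool additionally forwards the user's keystrokes to the master, propagates window size changes and handles job control, which is why sudo's use_pty and similar features are considerably larger than this. The security property, however, comes entirely from setsid() plus the new controlling terminal: a TIOCSTI issued by the child can only reach the pty it owns.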