oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution

From: "Todd C. Miller" <Todd.Miller () sudo ws>
Date: Tue, 18 Apr 2023 08:27:16 -0600
On Tue, 18 Apr 2023 20:41:35 +0800, Ruihan Li wrote:


I just noticed that sudo added the isatty check a day ago (April 17th)
[1]. I think this change was inspired by this vulnerability, wasn't it?
However, as Jakub Wilk pointed out, isatty is still implemented by an
ioctl call, so the addition of this check has nothing to do with this
vulnerability. Nevertheless, it is still a good idea to make sure isatty
succeeds before using ioctl calls with other (perhaps more complex and
arbitrary) tty commands.

[1]: https://github.com/sudo-project/sudo/commit/5650b436e6ba20807758a4154e70
9c10c1c87be8 


That is correct.  There are further changes to use TIOCGWINSZ on
/dev/tty instead of stderr.  Using an open fd of /dev/tty makes the
isatty() call superfluous but it doesn't hurt to have it.

 - todd
Previous By Date Next
Previous By Thread Next

Current thread: