oss-sec mailing list archives

Re: TIOCSTI not going away


From: christos () zoulas com (Christos Zoulas)
Date: Thu, 29 Jun 2017 11:54:06 -0400

On Jun 29,  4:23pm, solar () openwall com (Solar Designer) wrote:
-- Subject: Re: [oss-security] TIOCSTI not going away

| Maybe Christos could comment on tcsh?

TL;DR: tcsh will not lose functionality if TIOCSTI is gone.

tcsh uses TIOCSTI in the editor e_stuff_char() function which is unbound
by default; not many people know about this or use it. There is also the
old FILEC code from csh (that used TIOCSTI to do file completion with
<ESC>), but that is not compiled in. I should remove it but it is kept
there merely for nostalgia :-)

One can be much stricter though about who is allowed to use TIOCSTI
like I've done for NetBSD (require exact credentials match on the
tty). For example, the typical example of root running an unprivileged
installer on NetBSD fails:

# cat installer
#!/bin/sh
whoami
/usr/sbin/sti /dev/tty whoami\\n

# su unprivileged -c ./installer
unprivileged
sti: Cannot simulate terminal input: Operation not permitted
# whoami
root

christos

