oss-sec mailing list archives
Re: TTY pushback vulnerabilities / TIOCSTI
From: Jakub Wilk <jwilk () jwilk net>
Date: Tue, 14 Mar 2023 11:36:26 +0100
* Hanno Böck <hanno () hboeck de>, 2023-03-14 09:51:
In the 2017 post solar designer mentioned that the Linux kernel developers have multiple times rejected changes in the kernel.
I believe this is the post in question: https://www.openwall.com/lists/oss-security/2017/06/03/9
Starting with Kernel 6.2 it is possible to disable TIOCSTI (unset CONFIG_LEGACY_TIOCSTI).
Nice, but...On Linux virtual terminals, it's possible to achieve pretty much the same effect using TIOCLINUX, the ioctl used by gpm to implement copy&pasting.
I've attached a minimal PoC. A more elaborate one is here: https://github.com/jwilk/ttyjack -- Jakub Wilk
Attachment:
minittyjack.c
Description:
Current thread:
- TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 19)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 21)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 24)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Lyndon Nerenberg (VE7TFX/VE6BBM) (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Christos Zoulas (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Eric Ashley (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)