oss-sec mailing list archives

Re: TTY pushback vulnerabilities / TIOCSTI


From: Jakub Wilk <jwilk () jwilk net>
Date: Tue, 14 Mar 2023 11:36:26 +0100

* Hanno Böck <hanno () hboeck de>, 2023-03-14 09:51:
> In the 2017 post solar designer mentioned that the Linux kernel developers have multiple times rejected changes in the kernel.

I believe this is the post in question:
https://www.openwall.com/lists/oss-security/2017/06/03/9

> Starting with Kernel 6.2 it is possible to disable TIOCSTI (unset CONFIG_LEGACY_TIOCSTI).

Nice, but...

On Linux virtual terminals, it's possible to achieve pretty much the same effect using TIOCLINUX, the ioctl used by gpm to implement copy&pasting.

I've attached a minimal PoC. A more elaborate one is here:
https://github.com/jwilk/ttyjack

--
Jakub Wilk

Attachment: minittyjack.c
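
An added example, not part of the original message or its attachment: a shell audit of the two points raised above, whether TIOCSTI is switched off and whether the terminal is a Linux virtual terminal, where the message says TIOCLINUX still applies. The sysctl path /proc/sys/dev/tty/legacy_tiocsti and the /boot/config-* location are assumptions not stated in the message, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are parameters so the
# functions can be exercised on constructed files as well as a live system.

# tiocsti_state [SYSCTL_FILE] [CONFIG_FILE]
# Prints one of: disabled | enabled | enabled-no-knob | unknown
tiocsti_state() {
    sysctl_file=${1:-/proc/sys/dev/tty/legacy_tiocsti}   # assumed runtime knob
    config_file=${2:-/boot/config-$(uname -r)}           # assumed config location
    if [ -r "$sysctl_file" ]; then
        # The runtime value overrides the build-time default.
        case "$(cat "$sysctl_file")" in
            0) echo disabled ;;
            *) echo enabled ;;
        esac
    elif [ ! -r "$config_file" ]; then
        echo unknown
    elif grep -q '^CONFIG_LEGACY_TIOCSTI=y' "$config_file"; then
        echo enabled
    elif grep -q '^# CONFIG_LEGACY_TIOCSTI is not set' "$config_file"; then
        echo disabled
    else
        # Symbol absent from the config: kernel older than 6.2, no off switch.
        echo enabled-no-knob
    fi
}

# is_linux_vt TTY_PATH: succeeds for Linux virtual terminals (/dev/ttyN).
is_linux_vt() {
    case "$1" in
        /dev/tty[0-9]|/dev/tty[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit TTY_PATH [SYSCTL_FILE] [CONFIG_FILE]
# Prints a one-line report; succeeds only if TIOCSTI is disabled AND the
# terminal is not a virtual terminal (TIOCLINUX is unaffected by the option).
audit() {
    state=$(tiocsti_state "$2" "$3")
    if is_linux_vt "$1"; then vt=yes; else vt=no; fi
    echo "tty=$1 tiocsti=$state linux_vt=$vt"
    [ "$state" = disabled ] && [ "$vt" = no ]
}

# Report on the current terminal when run interactively.
if [ -t 0 ]; then audit "$(tty)" || true; fi
```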