oss-sec mailing list archives

Re: TTY pushback vulnerabilities / TIOCSTI

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 14 Mar 2023 12:01:17 +0100

On Tue, 14 Mar 2023 11:46:33 +0100
Peter Bex <peter () more-magic net> wrote:

Indeed, opendoas (the portable version of OpenBSD's "doas") has this
exact bug as well: https://github.com/Duncaen/OpenDoas/issues/106


Though some context is relevant here: doas is a tool from OpenBSD.
According to the Linux kernel commit message [1] OpenBSD has fixed this
already 3 years ago by entirely removing TIOCSTI [2][3].

[1]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83efeeeb3d04
[2] https://undeadly.org/cgi?action=article;sid=20170701132619
[3] https://marc.info/?l=openbsd-cvs&m=149870941319610

-- 
Hanno Böck
https://hboeck.de/

Current thread:

Re: TTY pushback vulnerabilities / TIOCSTI, (continued)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
  - Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
    - Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 17)
    - Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 19)
    - Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 21)
    - Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 24)
    - Re: TTY pushback vulnerabilities / TIOCSTI Lyndon Nerenberg (VE7TFX/VE6BBM) (Mar 18)
    - Re: TTY pushback vulnerabilities / TIOCSTI Christos Zoulas (Mar 18)
    - Re: TTY pushback vulnerabilities / TIOCSTI Eric Ashley (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
  - Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
    - Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Shawn Webb (Mar 14)
  - Re: TTY pushback vulnerabilities / TIOCSTI Fabian Keil (Mar 15)
    - Re: TTY pushback vulnerabilities / TIOCSTI Dave Horsfall (Mar 15)
    - Re: TTY pushback vulnerabilities / TIOCSTI Casper Dik (Mar 15)
    - Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 15)
    - Re: TTY pushback vulnerabilities / TIOCSTI Jan Engelhardt (Mar 15)
    - Re: TTY pushback vulnerabilities / TIOCSTI Ed Maste (Mar 17)