oss-sec mailing list archives
Re: TTY pushback vulnerabilities / TIOCSTI
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 14 Mar 2023 12:01:17 +0100
On Tue, 14 Mar 2023 11:46:33 +0100 Peter Bex <peter () more-magic net> wrote:
Indeed, opendoas (the portable version of OpenBSD's "doas") has this exact bug as well: https://github.com/Duncaen/OpenDoas/issues/106
Though some context is relevant here: doas is a tool from OpenBSD. According to the Linux kernel commit message [1] OpenBSD has fixed this already 3 years ago by entirely removing TIOCSTI [2][3]. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83efeeeb3d04 [2] https://undeadly.org/cgi?action=article;sid=20170701132619 [3] https://marc.info/?l=openbsd-cvs&m=149870941319610 -- Hanno Böck https://hboeck.de/
Current thread:
- Re: TTY pushback vulnerabilities / TIOCSTI, (continued)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 19)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 21)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 24)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Lyndon Nerenberg (VE7TFX/VE6BBM) (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Christos Zoulas (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Eric Ashley (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Fabian Keil (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Dave Horsfall (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Casper Dik (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Jan Engelhardt (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Ed Maste (Mar 17)