oss-sec mailing list archives
Re: TTY pushback vulnerabilities / TIOCSTI
From: Jakub Wilk <jwilk () jwilk net>
Date: Fri, 17 Mar 2023 20:41:02 +0100
* Hanno Böck <hanno () hboeck de>, 2023-03-17 11:48:
> Jakub Wilk <jwilk () jwilk net> wrote:
>> On Linux virtual terminals, it's possible to achieve pretty much the same effect using TIOCLINUX, the ioctl used by gpm to implement copy&pasting.
[...]
> Given this works only on "virtual terminals" (aka not in a terminal window on X, not over SSH), I think the severity is much lower than the TIOCSTI issue.
Agreed.
> I've created a patch for the Linux kernel very similar to the patch that allows disabling TIOCSTI.
I don't think that's gonna fly, because...
+ The TIOCLINUX ioctl allows implementing copy-and-paste and + mouse operations in virtual terminals, used by tools like gpm.
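Review bot: the help text in these two added lines describes TIOCLINUX only as the copy-and-paste and mouse interface used by gpm, so it does not say whether the option also restricts the other subcodes of the same ioctl, such as the TIOCL_GETKMSGREDIRECT and TIOCL_GETFGCONSOLE calls shown in the grep output in this message. Suggest naming the subcodes the option restricts, or limiting the restriction to the selection and paste subcodes and stating that in the text.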
TIOCLINUX implements also functionality unrelated to copying and pasting. See the ioctl_console(2) man page:
https://manpages.debian.org/unstable/manpages-dev/ioctl_console.2.en.html#TIOCLINUX

For example, apparently some of this stuff is used by systemd:

    $ git grep -wB5 TIOCLINUX
    src/basic/terminal-util.c-        int tiocl[2] = {
    src/basic/terminal-util.c-                TIOCL_GETKMSGREDIRECT,
    src/basic/terminal-util.c-                0
    src/basic/terminal-util.c-        };
    src/basic/terminal-util.c-
    src/basic/terminal-util.c:        if (ioctl(fd, TIOCLINUX, tiocl) < 0)
    --
    src/vconsole/vconsole-setup.c-static int verify_vc_device(int fd) {
    src/vconsole/vconsole-setup.c-        unsigned char data[] = {
    src/vconsole/vconsole-setup.c-                TIOCL_GETFGCONSOLE,
    src/vconsole/vconsole-setup.c-        };
    src/vconsole/vconsole-setup.c-
    src/vconsole/vconsole-setup.c:        return RET_NERRNO(ioctl(fd, TIOCLINUX, data));

-- 
Jakub Wilk
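The message above notes that TIOCLINUX only applies on Linux virtual terminals and that systemd issues the TIOCL_GETFGCONSOLE query subcode. As an added example (not code from this thread or from systemd), the C helper below uses that same read-only subcode to check whether a descriptor is a virtual console, which tells an administrator whether the TIOCLINUX concern applies to a given session at all. The function name `fd_is_linux_vc` and its return convention are assumptions made for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>      /* ioctl(), TIOCLINUX */
#include <unistd.h>
#include <linux/tiocl.h>    /* TIOCL_* subcodes */

/*
 * Hypothetical helper (name and return convention are assumptions).
 * Returns  1 if fd refers to a Linux virtual console,
 *          0 if the descriptor does not support TIOCLINUX,
 *         -1 on any other error, with errno left set.
 * On success *fg_console (if non-NULL) receives the value the ioctl
 * returned, which is the index of the foreground console.
 */
int fd_is_linux_vc(int fd, int *fg_console)
{
    /* The first byte of the argument selects the TIOCLINUX subcode. */
    unsigned char subcode[1] = { TIOCL_GETFGCONSOLE };
    int ret = ioctl(fd, TIOCLINUX, subcode);

    if (ret >= 0) {
        if (fg_console)
            *fg_console = ret;
        return 1;
    }
    /* Descriptors that are not virtual consoles (pty, pipe, regular
     * file, /dev/null) reject the request with ENOTTY or EINVAL. */
    if (errno == ENOTTY || errno == EINVAL)
        return 0;
    return -1;  /* e.g. EBADF; the caller can inspect errno */
}

int main(void)
{
    int fg = -1;
    int r = fd_is_linux_vc(STDIN_FILENO, &fg);

    if (r == 1)
        printf("stdin is a Linux virtual console (foreground index %d)\n", fg);
    else if (r == 0)
        printf("stdin is not a Linux virtual console\n");
    else
        perror("TIOCLINUX");
    return r < 0;
}
```

Run in a terminal emulator or over SSH it reports that stdin is not a virtual console; the query subcode reads state only and pastes nothing.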