Date: Thu, 29 Jun 2017 16:23:46 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: TIOCSTI not going away

On Sat, Jun 03, 2017 at 06:58:13PM +0200, Solar Designer wrote:
> On LKML, CC'ed to the kernel-hardening mailing list, Matt Brown has been
> pushing for the upstream Linux kernel to introduce an option (likely to
> be disabled by default) that would block the TIOCSTI ioctl. Alan Cox
> repeatedly NAK'ed this:
>
> http://www.openwall.com/lists/kernel-hardening/2017/05/
>
> Sorry there's no one specific message/thread to link to - there were
> multiple patch revisions, and multiple NAKs with different wording.
>
> Alan's reasoning is that userspace apps like this have to be allocating
> a new pty anyway, and the kernel change wouldn't help much since TIOCSTI
> isn't the only way to cause trouble (although per my reading of the
> examples given, other ways/troubles are either not exactly as bad or not
> exactly as generic).

While TIOCSTI is apparently not going away on Linux, it is on OpenBSD,
and here's some analysis of the apparently almost non-existent impact
this will have on Emacs (which was one of the primary examples cited for
keeping TIOCSTI on Linux):

https://marc.info/?l=openbsd-tech&m=149868123704451

Theo de Raadt wrote:

"There are indications that a few ports use TIOCSTI. The list is pretty
small, and I have not reviewed whether the use of TIOCSTI actually
occurs during runtime on OpenBSD:

    x11vnc tcsh ucblogo brltty epic4 trn libsanitizer
    jvim2.0r+onew2.2.10-wnn4 emacs qemu ngspice

I hope those programs get fixed quickly"

Jeremie Courreges-Anglas wrote:

"TIOCSTI is only used once in editors/emacs. The return value of
ioctl(2) isn't checked. This is in the "suspend-emacs" function, ie
what's called when pressing ^Z, can take an optional string to be sent
to the parent process.

I could spot only one place in emacs-25.2 where this optional string is
used, lisp/obsolete/ledit.el, an obsolete mode for Franz Lisp"

Maybe Christos could comment on tcsh?

Whatever happens (or doesn't happen) for upstream Linux, there will be
system(s) dropping TIOCSTI or at least introducing a way to disable it,
so reducing userspace programs' dependencies on TIOCSTI makes sense.

Alexander