Date: Thu, 29 Jun 2017 16:23:46 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: TIOCSTI not going away

On Sat, Jun 03, 2017 at 06:58:13PM +0200, Solar Designer wrote:
> On LKML, CC'ed to the kernel-hardening mailing list, Matt Brown has been
> pushing for the upstream Linux kernel to introduce an option (likely to
> be disabled by default) that would block the TIOCSTI ioctl. Alan Cox
> repeatedly NAK'ed this:
>
> http://www.openwall.com/lists/kernel-hardening/2017/05/
>
> Sorry there's no one specific message/thread to link to - there were
> multiple patch revisions, and multiple NAKs with different wording.
>
> Alan's reasoning is that userspace apps like this have to be allocating
> a new pty anyway, and the kernel change wouldn't help much since TIOCSTI
> isn't the only way to cause trouble (although per my reading of the
> examples given, other ways/troubles are either not exactly as bad or not
> exactly as generic).

While TIOCSTI is apparently not going away on Linux, it is on OpenBSD,
and here's some analysis of the apparently almost non-existent impact
this will have on Emacs (which was one of the primary examples cited for
keeping TIOCSTI on Linux):

https://marc.info/?l=openbsd-tech&m=149868123704451

Theo de Raadt wrote:

"There are indications that a few ports use TIOCSTI. The list is
pretty small, and I have not reviewed whether the use of TIOCSTI
actually occurs during runtime on OpenBSD:

    x11vnc tcsh ucblogo brltty epic4 trn libsanitizer
    jvim2.0r+onew2.2.10-wnn4 emacs qemu ngspice

I hope those programs get fixed quickly"

Jeremie Courreges-Anglas wrote:

"TIOCSTI is only used once in editors/emacs. The return value of
ioctl(2) isn't checked. This is in the "suspend-emacs" function, ie
what's called when pressing ^Z, can take an optional string to be sent
to the parent process.

I could spot only one place in emacs-25.2 where this optional string is
used, lisp/obsolete/ledit.el, an obsolete mode for Franz Lisp"

Maybe Christos could comment on tcsh?

Whatever happens (or doesn't happen) for upstream Linux, there will be
system(s) dropping TIOCSTI or at least introducing a way to disable it,
so reducing userspace programs' dependencies on TIOCSTI makes sense.

Alexander
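An added example, not part of the message above and not code from Emacs or any of the listed ports: one way a program that queues text on its own terminal can check the ioctl(2) return value and keep working where TIOCSTI is missing or refused. The names `stuff_string`, `deliver_hint` and the `sti_result` values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Outcome of one attempt (names are this example's own, not any project's). */
enum sti_result { STI_OK, STI_NOT_A_TTY, STI_REFUSED, STI_ABSENT };

/*
 * Queue the bytes of s on the input of the terminal open on fd, one
 * TIOCSTI call per byte. *pushed receives the number of bytes the kernel
 * accepted, so the caller can tell a partial push from none at all.
 */
enum sti_result stuff_string(int fd, const char *s, size_t *pushed)
{
    *pushed = 0;
#ifndef TIOCSTI
    /* The system headers no longer define the ioctl: nothing to try. */
    (void)fd; (void)s;
    return STI_ABSENT;
#else
    if (!isatty(fd))
        return STI_NOT_A_TTY;
    for (; *s != '\0'; s++) {
        /* Check every call: the kernel may refuse at any point. */
        if (ioctl(fd, TIOCSTI, s) == -1)
            return STI_REFUSED;      /* errno holds the reason */
        (*pushed)++;
    }
    return STI_OK;
#endif
}

/*
 * Fallback policy: returns 1 if the whole hint was queued, 0 if the part
 * that was not queued was printed for the user to type instead.
 */
int deliver_hint(int fd, const char *hint)
{
    size_t n;
    if (stuff_string(fd, hint, &n) == STI_OK)
        return 1;
    fprintf(stderr, "cannot queue terminal input; please type: %s\n", hint + n);
    return 0;
}

int main(void)
{
    /* Constructed sample input: a harmless hint for the parent shell. */
    return deliver_hint(STDIN_FILENO, "fg\n") ? 0 : 1;
}
```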