Date: Thu, 29 Jun 2017 16:23:46 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: TIOCSTI not going away

On Sat, Jun 03, 2017 at 06:58:13PM +0200, Solar Designer wrote:
> On LKML, CC'ed to the kernel-hardening mailing list, Matt Brown has been
> pushing for the upstream Linux kernel to introduce an option (likely to
> be disabled by default) that would block the TIOCSTI ioctl.  Alan Cox
> repeatedly NAK'ed this:
> 
> http://www.openwall.com/lists/kernel-hardening/2017/05/
> 
> Sorry there's no one specific message/thread to link to - there were
> multiple patch revisions, and multiple NAKs with different wording.
> 
> Alan's reasoning is that userspace apps like this have to be allocating
> a new pty anyway, and the kernel change wouldn't help much since TIOCSTI
> isn't the only way to cause trouble (although per my reading of the
> examples given, other ways/troubles are either not exactly as bad or not
> exactly as generic).

While TIOCSTI is apparently not going away on Linux, it is on OpenBSD,
and here's some analysis of the apparently almost non-existent impact
this will have on Emacs (which was one of the primary examples cited for
keeping TIOCSTI on Linux):

https://marc.info/?l=openbsd-tech&m=149868123704451

Theo de Raadt wrote:

"There are indications that a few ports use TIOCSTI.  The list is
pretty small, and I have not reviewed whether the use of TIOCSTI
actually occurs during runtime on OpenBSD:

    x11vnc tcsh ucblogo brltty epic4 trn libsanitizer
    jvim2.0r+onew2.2.10-wnn4 emacs qemu ngspice

I hope those programs get fixed quickly"

Jeremie Courreges-Anglas wrote:

"TIOCSTI is only used once in editors/emacs.  The return value of
ioctl(2) isn't checked.  This is in the "suspend-emacs" function, ie
what's called when pressing ^Z, can take an optional string to be sent
to the parent process.

I could spot only one place in emacs-25.2 where this optional string is
used, lisp/obsolete/ledit.el, an obsolete mode for Franz Lisp"

Maybe Christos could comment on tcsh?

Whatever happens (or doesn't happen) for upstream Linux, there will be
system(s) dropping TIOCSTI or at least introducing a way to disable it,
so reducing userspace programs' dependencies on TIOCSTI makes sense.

Alexander
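
The observation quoted above, that Emacs calls TIOCSTI once and does not check the ioctl(2) return value, is the kind of thing a ports audit can look for mechanically. The following is an added example, not part of the original message or of any project's code: a heuristic Python scanner that lists `ioctl(..., TIOCSTI, ...)` calls in C source and flags those whose result is discarded. The function names and the sample C input are constructed for illustration.

```python
import re

IOCTL = re.compile(r'\bioctl\s*\(')
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|^[ \t]*#[^\n]*', re.S | re.M)

def split_call(code, i):
    """From the index just past '(', return (top-level args, index after ')')."""
    depth, args, cur = 1, [], ''
    for j in range(i, len(code)):
        ch = code[j]
        depth += (ch == '(') - (ch == ')')
        if depth == 0:
            return args + [cur.strip()], j + 1
        if ch == ',' and depth == 1:
            args.append(cur.strip())
            cur = ''
        else:
            cur += ch
    return [], len(code)  # unbalanced parentheses: no call found

def find_tiocsti(src):
    """Return [(line, checked)] for each ioctl() whose request is TIOCSTI."""
    # Blank comments and preprocessor lines; newlines stay for line numbers.
    code = NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)
    hits = []
    for m in IOCTL.finditer(code):
        args, end = split_call(code, m.end())
        if len(args) < 2 or args[1] != 'TIOCSTI':
            continue
        # Heuristic: discarded if the call follows ; { } ) else/do and precedes ';'.
        before = code[:m.start()].rstrip()
        begins = (not before or before[-1] in ';{})'
                  or re.search(r'\b(else|do)$', before) is not None)
        ends = code[end:].lstrip().startswith(';')
        hits.append((code.count('\n', 0, m.start()) + 1, not (begins and ends)))
    return hits

# Constructed sample input, not taken from any program named in the thread.
SAMPLE = '''\
void stuff(const char *s) {
    while (*s)
        ioctl(fileno(stdin), TIOCSTI, s++);  /* result discarded */
}
int stuff_checked(int fd, const char *c) {
    return ioctl(fd, TIOCSTI, c) < 0 ? -1 : 0;
}
'''

print(find_tiocsti(SAMPLE))
```

This is a textual heuristic, not a C parser: a call hidden behind a macro is missed, and a call preceded by a cast other than `(void)` is reported as unchecked, so each hit still needs a manual look.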
