Date: Wed, 15 Mar 2023 09:26:24 +0000 From: Casper Dik <casper.dik@...cle.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: TTY pushback vulnerabilities / TIOCSTI >On Wed, 15 Mar 2023, Fabian Keil wrote: >> In ElectroBSD I removed TIOCSTI support in 2017  and haven't noticed >> any problems. >I hate tossing out functionality; would you not make it a privileged >operation instead? >-- Dave I think it makes it mostly useless. In Solaris we've changed how TIOCSTI works; when a process reads the packet with the stuffed input, it then checks the credential of the sender. So while the stuffed input is still echoed but ignored: # su nobody -c tiocsti exit echo Payload as `whoami` # But when having root calling tciosti, you get: # su root -c tiocsti exit echo Payload as `whoami` # exit Payload as root (The exit here is not needed) Casper
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.