Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 18 Mar 2023 09:34:04 -0400
From: Christos Zoulas <christos@...las.com>
To: oss-security@...ts.openwall.com
Subject: Re: TTY pushback vulnerabilities / TIOCSTI

I think that the original reason was for csh(1) to implement file completion:
https://nxr.netbsd.org/xref/src/bin/csh/file.c#161
I still have a use case for it. Sometimes I lose my VPN tunnel and an
ssh session where I am running vi(1) suddenly dies. When I ssh to that
machine, I can easily find the tty where the vi session is with ps(1) and
then type "sti pts/X :wq\\n" and save the file  (https://man.netbsd.org/sti.8):-)
Of course on NetBSD you need to be root to use TIOCSTI.

Best,

christos

> On Mar 17, 2023, at 7:13 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) <lyndon@...hanc.ca> wrote:
> 
> Does anyone even remember why TIOCSTI was added in the
> first place?  I remember stumbling across it decades
> ago (SVR?), but I've ever seen a use case for it.
> It puzzled me back then why it even existed.
> 
> --lyndon


Content of type "text/html" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.