Re: Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI ioctl

To: Sam Morris <sam@robots.org.uk>, 905745@bugs.debian.org
Cc: linux@packages.debian.org, security@debian.org
Subject: Re: Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI ioctl
From: Chris Hofstaedtler <zeha@debian.org>
Date: Sat, 29 Apr 2023 23:47:40 +0200
Message-id: <[🔎] 20230429214740.xz2rz6fljbq45rfa@percival.namespace.at>
In-reply-to: <168258639756.415821.14643452336170510191.reportbug@wintermute.ipa.robots.org.uk>
References: <BANLkTikCPk61MPvt4RfWZSyKx0N-Owu6bg@mail.gmail.com> <168258639756.415821.14643452336170510191.reportbug@wintermute.ipa.robots.org.uk>

Control: reassign -1 src:linux
Control: affects -1 src:util-linux

Dear Kernel Maintainers, Security Team,

* Sam Morris <sam@robots.org.uk>:
> Linux 6.2 introduces a sysctl dev.tty.legacy_tiocsti sysctl which can be
> used to disable TIOCSTI. The default value of the sysctl is set at build
> time with CONFIG_LEGACY_TIOCSTI.
> 
> <https://cateee.net/lkddb/web-lkddb/LEGACY_TIOCSTI.html>

Maybe we can get this into 6.1?

Thanks,
Chris

Reply to:

Follow-Ups:
- Re: Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI ioctl
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processed: Re: Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI ioctl
Next by Date: Bug#1035118: linux-base: Presence of GPG signatures in /boot causes wrong kernels to be listed with linux-version
Previous by thread: Re: Bug#1035101: Failed to detect HD if Intel RST-RAID is active
Next by thread: Processed: Re: Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI ioctl
Index(es):
- Date
- Thread