OpenBSD Journal

On the Insecurity of TIOCSTI

Contributed by brynet on from the de-fanging dept.

Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD:

[...] there's always been the risk that a program manages to retain tty association beyond its intended lifetime, and then it can perform injections with TIOCSTI.

So I've always wanted to get rid of TIOCSTI. I consider it the most dangerous tty ioctl. [...]

This appears related to a discussion thread that came up on oss-security@, and how Linux has steadfastly rejected proposals to remove it.
http://www.openwall.com/lists/oss-security/2017/06/03/9

Theo has already committed his change to disable TIOCSTI, which now returns EIO [input/output error].

Due to risks known for decades, TIOCSTI now performs no action, and simply returns EIO. The base system has been cleaned of TIOCSTI uses [...]

This was made possible by changes made to csh/mailx in base by Anton Lindqvist (anton@).
I (brynet@) also committed a change recently to ksh, removing an unnecessary call.
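
A way to check the behaviour described above on a given host, as an added example that is not code from the OpenBSD tree or from the original post: it issues TIOCSTI against the controlling terminal and reports whether the kernel still accepts the injection or answers EIO. The function names and the `sti_state` enum are illustrative, and it assumes a system whose `<sys/ioctl.h>` defines TIOCSTI.

```c
/* Added example; names are illustrative, not from any project source. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

enum sti_state { STI_ENABLED, STI_DISABLED, STI_NOT_A_TTY, STI_REFUSED };

/* Map an ioctl(TIOCSTI) result to a verdict. EIO is the de-fanged answer
 * the article describes; other errors are inconclusive for this caller. */
enum sti_state classify_tiocsti(int rc, int err)
{
    if (rc == 0) return STI_ENABLED;
    if (err == EIO) return STI_DISABLED;
    return err == ENOTTY ? STI_NOT_A_TTY : STI_REFUSED;
}

/* Push one newline at fd with TIOCSTI. If the kernel accepts it, discard the
 * pending input again so nothing is left for the next reader of the tty. */
enum sti_state probe_tiocsti(int fd, int *err_out)
{
    char byte = '\n';
    int rc = ioctl(fd, TIOCSTI, &byte);
    int err = (rc == 0) ? 0 : errno;

    if (rc == 0) tcflush(fd, TCIFLUSH);
    *err_out = err;
    return classify_tiocsti(rc, err);
}

int main(void)
{
    static const char *label[] = { "enabled, injection possible",
        "disabled (EIO)", "not a terminal", "refused for this caller" };
    int err = 0, fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    enum sti_state s;

    if (fd < 0) { perror("open /dev/tty"); return 2; }
    s = probe_tiocsti(fd, &err);
    printf("TIOCSTI on controlling tty: %s%s%s\n", label[s],
           err ? ": " : "", err ? strerror(err) : "");
    close(fd);
    return s == STI_ENABLED;  /* exit 1 when injection still works */
}
```

The exit status makes it usable in a configuration audit: 0 means the probe was not accepted, 1 means the terminal still takes injected input.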
