OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
On the Insecurity of TIOCSTI
Contributed by brynet on Sat Jul 01 12:54:03 2017 (GMT)
from the de-fanging dept.

Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD:

[...] there's always been the risk that a program manages to retain tty association beyond it's intended lifetime, and then it can perform injections with TIOCSTI.

So I've always wanted to get rid of TIOCSTI. I consider it the most dangerous tty ioctl. [...]

This appears related to a discussion thread that came up on oss-security@, and how Linux has steadfast rejected proposals to remove it.

Theo has already committed his change to disable TIOCSTI, which now returns EIO [input/output error].

Due to risks known for decades, TIOCSTI now performs no action, and simply returns EIO. The base system has been cleaned of TIOCSTI uses [...]

This was made possible by changes made to csh/mailx in base by Anton Lindqvist (anton@).
I (brynet@), also committed a change recently to ksh removing an unnecessary call.


<< BSDCan 2017 - Trip report double-p | Reply | Flattened | Collapsed | Kernel relinking status from Theo de Raadt >>

Threshold: Help

Related Links
more by brynet

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]