Contributed by brynet on from the de-fanging dept.
Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD:
[...] there's always been the risk that a program manages to retain tty association beyond it's intended lifetime, and then it can perform injections with TIOCSTI.
So I've always wanted to get rid of TIOCSTI. I consider it the most dangerous tty ioctl. [...]
This appears related to a discussion thread that came up on oss-security@, and how Linux has steadfast rejected proposals to remove it.
Due to risks known for decades, TIOCSTI now performs no action, and simply returns EIO. The base system has been cleaned of TIOCSTI uses [...]
This was made possible by changes made to csh/mailx in base by Anton Lindqvist (anton@).
I (brynet@), also committed a change recently to ksh removing an unnecessary call.
(Comments are closed)