Quoting "Stanislav Brabec" <sbrabec@xxxxxxx>:
> To Federico Bento: Could you confirm that you are author and approve the license in the test_tiocsti.c, please?

There were vulnerabilities in the past regarding the same issue for different programs ("su" for example, CVE-2005-4890), that when reported, used the same technique. The program is the most basic you can get to demonstrate this, so I'm pretty sure I wasn't the only one that used something similar. At the time, though, I wrote it off my head. This doesn't mean, as I said, that no one wrote something very similar, so I'm not really sure if I should be credited for something that has a high probability of having been written before.

On another note, grsecurity recently released a new feature named GRKERNSEC_HARDEN_TTY that disallows the use of TIOCSTI to unprivileged users unless the caller has CAP_SYS_ADMIN. Brad Spengler (spender) said that looking into it, he didn't find legitimate uses of such an ioctl, and no wide usage of writevt.

https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=d47ea9080b76a7445e8a36545c539b2a62c31faa

Check out gr_handle_tiocsti()