On Mar 3, 2016 at 01:37 up201407890@xxxxxxxxxxxxxxxxxxx wrote:
On another note, grsecurity recently released a new feature named GRKERNSEC_HARDEN_TTY that disallows the use of TIOCSTI to unprivileged users unless the caller has CAP_SYS_ADMIN.
This will fix all util-linux issues, but not chroot. There, root inside the chroot escapes from the chroot and calls commands outside.

I can imagine yet another kernel level solution: implement a way to disallow TIOCSTI, eventually revoke terminal R/W access. This would need application level fixes:
- Before calling the restricted process, disallow TIOCSTI.
- After returning from the restricted process, revoke terminal R/W.
Brad Spengler (spender) said that looking into it, he didn't find legitimate uses of such ioctl, and no wide usage of writevt.
Some old systems had tiocsti(1) utility, probably used like a predecessor of readline.
Just for curiosity, I just ran grep for TIOCSTI ioctl() over all openSUSE sources. I got about 60 matches.
I analyzed use of some cases:
- util-linux: used in agetty in wait_for_term_input()
- kbd: contrib utility sti, equal to the tiocsti utility.
- irda: used by handle_scancode() to emulate input.
- tcsh: used in ed mode and in pushback().
- emacs: used in stuff_char() (putting a char to be read from the terminal)
...

It seems that TIOCSTI is used for:
- Read a character, and if it does not match, put it back.
- Wait for a character, then put it back for processing.
- Implementing simple line editing.

--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
SUSE LINUX, s. r. o.
http://www.suse.cz/
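The application-level fix sketched earlier in this thread (disallow TIOCSTI before handing control to the restricted process) can be done today from user space with a seccomp-BPF filter on Linux; the following is an added example, not code from this thread or from util-linux, and the names block_tiocsti and demo_tiocsti_block are my own. It assumes a Linux kernel with seccomp filter support, glibc headers, and a little-endian target.

```c
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* seccomp-BPF program: every syscall passes except ioctl(fd, TIOCSTI, ...),
 * which is answered with EPERM before it ever reaches the tty driver.
 * Assumes little-endian; a production filter also checks seccomp_data.arch. */
static struct sock_filter tiocsti_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),   /* not ioctl: allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),      /* other request: allow */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install the filter in the calling process. It is inherited across fork()
 * and execve(), so call it right before launching the restricted command.
 * Returns 0 on success, -1 if the kernel or an outer sandbox refuses it. */
int block_tiocsti(void)
{
    struct sock_fprog prog = {
        .len = sizeof(tiocsti_filter) / sizeof(tiocsti_filter[0]),
        .filter = tiocsti_filter,
    };
    /* lets an unprivileged process install a filter that survives execve */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Self-check: 1 if the filter is active and TIOCSTI now fails with EPERM,
 * 0 if the filter could not be installed, -1 if installed but not enforced.
 * The probe runs only after a successful install, so nothing is ever
 * stuffed into a real terminal. */
int demo_tiocsti_block(void)
{
    char c = 'x';   /* constructed probe byte; never delivered when blocked */
    if (block_tiocsti() != 0)
        return 0;
    if (ioctl(STDIN_FILENO, TIOCSTI, &c) == -1 && errno == EPERM)
        return 1;
    return -1;
}
```

Because seccomp intercepts the call by syscall number and argument, the EPERM comes back whether or not stdin is a tty, and the filter stays in force for any child the wrapper then spawns.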