• Re: Bug#905745: util-linux: tty hijacking possible in "su" via TIOCSTI

    From Salvatore Bonaccorso@21:1/5 to Chris Hofstaedtler on Sun Apr 30 06:20:01 2023
    Control: reassign -1 src:util-linux

    Hi Chris,

    On Sat, Apr 29, 2023 at 11:47:40PM +0200, Chris Hofstaedtler wrote:
    Control: reassign -1 src:linux
    Control: affects -1 src:util-linux

    Dear Kernel Maintainers, Security Team,

    * Sam Morris <sam@robots.org.uk>:
    Linux 6.2 introduces a sysctl dev.tty.legacy_tiocsti which can be used to disable TIOCSTI. The default value of the sysctl is set at build time with CONFIG_LEGACY_TIOCSTI.

    <https://cateee.net/lkddb/web-lkddb/LEGACY_TIOCSTI.html>

    Maybe we can get this into 6.1?

    (For the metainformation I'm assigning it back to su, where the CVE(s)
    originally got assigned, but we can close the bug in future once the
    root issue is addressed on kernel side, I hope you are okay with
    that).

    It is unlikely we are going to enable this in bookworm, even if the
    change will be backported to 6.1.y, that is if the change would now be
    backported, I assume we will need to stick with the default being
    enabled. The time was too narrow before the freeze. But we have
    #1033095[1] for the corresponding bug on src:linux and to disable
    TIOCSTI early in the trixie development cycle by default (which comes
    automatically).

    [1]: https://bugs.debian.org/1033095

    Hope this helps so far?

    Regards,
    Salvatore
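
The sysctl discussed in this thread can be checked on a host with a small audit script. This is an added example, not part of the original message or of any Debian package; the function names and the `ROOT` argument are hypothetical, and it assumes the sysctl is exposed as `/proc/sys/dev/tty/legacy_tiocsti`, with `0` meaning TIOCSTI is disabled.

```shell
#!/bin/sh
# Added example: report whether the legacy TIOCSTI ioctl is still permitted.
# Assumption: dev.tty.legacy_tiocsti is readable under /proc/sys/dev/tty/.

# tiocsti_state [ROOT] -> disabled | enabled | no-sysctl | unknown:<value>
# ROOT (hypothetical parameter, default "/") lets the check run against a
# mounted image or a constructed test tree instead of the live system.
tiocsti_state() {
    root=${1:-/}
    f="${root%/}/proc/sys/dev/tty/legacy_tiocsti"
    if [ ! -r "$f" ]; then
        # Kernel without the sysctl (older than 6.2 and no backport):
        # TIOCSTI cannot be switched off this way.
        echo no-sysctl
        return 0
    fi
    v=$(tr -d '[:space:]' < "$f")
    case $v in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo "unknown:$v" ;;
    esac
}

# tiocsti_build_default CONFIG_FILE -> enabled | disabled | unknown
# Reads the build-time default (CONFIG_LEGACY_TIOCSTI) from a kernel config.
tiocsti_build_default() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_LEGACY_TIOCSTI=y$' "$cfg"; then
        echo enabled
    elif grep -q '^# CONFIG_LEGACY_TIOCSTI is not set$' "$cfg"; then
        echo disabled
    else
        echo unknown
    fi
}

echo "runtime TIOCSTI state:  $(tiocsti_state /)"
echo "build-time default:     $(tiocsti_build_default "/boot/config-$(uname -r)")"

# To turn it off persistently on a kernel that has the sysctl, a sysctl.d
# drop-in (file name is an assumption) would contain:
#   dev.tty.legacy_tiocsti = 0
```

A result of `enabled` or `no-sysctl` means the kernel-side switch is not protecting `su` sessions on that host.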
