Message-ID: <043b82cc304acacf@millert.dev>
Date: Tue, 18 Apr 2023 08:27:16 -0600
From: "Todd C. Miller" <Todd.Miller@...o.ws>
To: Ruihan Li <lrh2000@....edu.cn>
cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution

On Tue, 18 Apr 2023 20:41:35 +0800, Ruihan Li wrote:

> I just noticed that sudo added the isatty check a day ago (April 17th)
> [1]. I think this change was inspired by this vulnerability, wasn't it?
> However, as Jakub Wilk pointed out, isatty is still implemented by an
> ioctl call, so the addition of this check has nothing to do with this
> vulnerability. Nevertheless, it is still a good idea to make sure isatty
> succeeds before using ioctl calls with other (perhaps more complex and
> arbitrary) tty commands.
>
> [1]: https://github.com/sudo-project/sudo/commit/5650b436e6ba20807758a4154e709c10c1c87be8

That is correct.  There are further changes to use TIOCGWINSZ on
/dev/tty instead of stderr.  Using an open fd of /dev/tty makes the
isatty() call superfluous but it doesn't hurt to have it.

 - todd
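
The pattern discussed in this thread, as an added C example that is not part of the original messages and is not sudo's code: TIOCGWINSZ is issued only after isatty() succeeds, and the terminal is reached through /dev/tty opened by the process itself instead of the inherited stderr. The function names are hypothetical, and the pipe and /dev/null descriptors are constructed test inputs.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Hypothetical helper: issue TIOCGWINSZ only after isatty() succeeds.
 * Returns 0 on success, -1 if fd is not a terminal or the ioctl fails. */
int winsize_from_fd(int fd, struct winsize *ws)
{
    if (!isatty(fd))
        return -1;
    return ioctl(fd, TIOCGWINSZ, ws) == 0 ? 0 : -1;
}

/* Hypothetical helper: query the controlling terminal through a
 * descriptor this process opened itself, not the inherited stderr. */
int winsize_from_ctty(struct winsize *ws)
{
    int fd = open("/dev/tty", O_RDONLY);
    int rc;
    if (fd == -1)
        return -1;              /* no controlling terminal */
    rc = winsize_from_fd(fd, ws);
    close(fd);
    return rc;
}

/* Constructed check: descriptors that are not terminals (a pipe and
 * /dev/null) must be refused. Returns 1 if both are refused, 0 if not. */
int non_tty_fds_rejected(void)
{
    struct winsize ws;
    int p[2], nul, ok;
    if (pipe(p) == -1 || (nul = open("/dev/null", O_RDWR)) == -1)
        return 0;
    ok = winsize_from_fd(p[0], &ws) == -1 && winsize_from_fd(nul, &ws) == -1;
    close(p[0]); close(p[1]); close(nul);
    return ok;
}

int main(void)
{
    struct winsize ws;
    if (winsize_from_ctty(&ws) == 0)
        printf("%u rows x %u cols\n", (unsigned)ws.ws_row, (unsigned)ws.ws_col);
    else
        puts("no usable controlling terminal");
    return non_tty_fds_rejected() ? 0 : 1;
}
```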
