oss-security - Re: TTY pushback vulnerabilities / TIOCSTI

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <e5b767b2-373c-4fea-9bd2-1bbc1a2359a3@ehuk.net>
Date: Mon, 8 Jan 2024 11:58:06 +0000
From: Eddie Chapman <eddie@...k.net>
To: oss-security@...ts.openwall.com
Subject: Re: TTY pushback vulnerabilities / TIOCSTI

Jakub Wilk wrote:
> * Hanno Böck <hanno@...eck.de>, 2023-03-24 19:56:
> 
>> Here's a proposed patch to restrict access to the dangerous
>> functionality.
> 
> This patch has been included in Linux v6.7:
> https://git.kernel.org/linus/8d1b43f6a6df7bcea20982ad376a000d90906b42
> 
> --
> Jakub Wilk
> 

FWICT neither this nor the 2022 TIOCSTI patch
https://git.kernel.org/linus/83efeeeb3d04b22aaed1df99bc70a48fe9d22c4d

have been backported to any earlier kernels (yet).

I'd like to ask, does anyone know if any other work was needed in 6.2 
and/or 6.7 in addition to these 2 simple patches? They weren't part of a 
series, or have necessary prerequisite patches, right?

I've no idea nor wish to comment on whether either of them should/should 
not be backported. However, each by themselves look quite minimal and 
straightforward. On the face of it, anyone building their own older 
kernel could probably easily backport either of them if they wanted, if 
indeed this is all that is needed.

Eddie

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.