[Pkg-utopia-maintainers] Bug#812512: Bug#812512: pkexec tty hijacking via TIOCSTI ioctl

Sun Feb 25 16:19:55 GMT 2024

On Sun, 13 Jun 2021 17:10:59 -0700 argv minus one
<argv.minus.one at gmail.com> wrote:
> On Sun, Jun 13, 2021, 6:14 AM Michael Biebl <biebl at debian.org> wrote:
> 
> > Hm, I'm not seeing a patch there. Do you maybe have link to this
kernel
> > patch?
> >
> 
> No, sorry. The existence of such a patch is implied by [1], and there
was
> an unsuccessful attempt to merge such a patch into upstream Linux
[2], but
> that's all I know about it.
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1299955#c1
> [2] https://lore.kernel.org/patchwork/patch/793178/
> 
> >

Seems like this was merged in a form in stable by commit
83efeeeb3d04b22aaed1df99bc70a48fe9d22c4d "tty: Allow TIOCSTI to be
disabled" (which disable it completely AFAIK) 2022-11-03 (first in
v6.2-rc1, not in linux-6.1.y, included in linux-6.3.y, included in
linux-6.4.y, included in linux-6.5.y)  and fixed up by commit 
690c8b804ad2eafbd35da5d3c95ad325ca7d5061 "TIOCSTI: always enable for
CAP_SYS_ADMIN" 	2023-07-20 which keep it always on for CAP_SYS_ADMIN
(to fix braille via brltty) (first in v6.5-rc4, not in linux-6.3.y,
included in linux-6.4.y, included in linux-6.5.y).

Maybe this "disable flag" could be turned on in the Debian kernel?

Still from
https://lore.kernel.org/lkml/2ab8580e-bf8e-21bd-6bfa-33e5fa82400b@nmatt.com/
it looks like this should not be necessary : " any TIOCSTI
protection doesn't matter if the program correctly allocates a tty/pty
pair. This protections seeks to protect users from programs that don't
do things correctly."

Also this looks like a policykit upstream issue. Do policykit devs
really told that their employer kernel had this feature disabled so
they would not work on fixing this CVE? Scary.

Maybe asking Alan Cox for help designing a proper fix for policykit
would be better... from his comment no program ought to requires
disabling this feature.

Regards,
Alban