[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] TIOCSTI not going away
From:       christos () zoulas ! com (Christos Zoulas)
Date:       2017-06-29 15:54:06
Message-ID: 20170629155406.E063617FDA8 () rebar ! astron ! com
[Download RAW message or body]

On Jun 29,  4:23pm, solar@openwall.com (Solar Designer) wrote:
-- Subject: Re: [oss-security] TIOCSTI not going away

| Maybe Christos could comment on tcsh?

TL;DR: tcsh will not lose functionality if TIOCSTI is gone.

tcsh uses TIOCSTI in the editor e_stuff_char() function which is unbound
by default; not many people know about this or use it. There is also the
old FILEC code from csh (that used TIOCSTI to do file completion with
<ESC>), but that is not compiled in. I should remove it but it is kept
there merely for nostalgia :-)

One can be much stricter though about who is allowed to use TIOCSTI
like I've done for NetBSD (require exact credentials match on the
tty). For example the typical example of root running an unprivileged
installer on NetBSD fails:

# cat installer
#!/bin/sh
whoami
/usr/sbin/sti /dev/tty whoami\\n

# su unprivileged -c ./installer
unprivileged
sti: Cannot simulate terminal input: Operation not permitted
# whoami
root

christos
[prev in list] [next in list] [prev in thread] [next in thread]