> This is my point. Apps will continue to shoot themselves in the foot. Of course
> the correct response to one of these vulns is to not pass ttys across a
> security boundary. We have an opportunity here to reduce the impact of this bug
> class at the kernel level.

Not really. If you pass me your console for example I can mmap your framebuffer and spy on you all day. Or I could reprogram your fonts, your keyboard, your video mode, or use set and paste selection to write stuff. If you are using X and you can't get tty handles right you'll no doubt pass me a copy of your X file descriptor in which case I own your display, your keyboard and your mouse and I don't need to use TIOCSTI there either.

There are so many different attacks based upon that screwup that the kernel cannot defend against them. You aren't exactly reducing the impact.

Alan