Module Name: src
Committed By: christos
Date: Thu Sep 29 21:46:32 UTC 2016
Modified Files:
src/sys/kern: tty.c
Log Message:
Only allow root to use TIOCSTI. Don't eat the kauth error number.
It is unexpected for an unprivileged process to gain privs by
typing to root's tty:
$ cat installer
#!/bin/sh
whoami
/usr/sbin/sti /dev/tty whoami\\n
$ su unprivileged -c ./installer
unprivileged
$ whoami
root
To generate a diff of this commit:
cvs rdiff -u -r1.271 -r1.272 src/sys/kern/tty.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/tty.c
diff -u src/sys/kern/tty.c:1.271 src/sys/kern/tty.c:1.272
--- src/sys/kern/tty.c:1.271 Thu Jul 7 02:55:43 2016
+++ src/sys/kern/tty.c Thu Sep 29 17:46:32 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: tty.c,v 1.271 2016/07/07 06:55:43 msaitoh Exp $ */
+/* $NetBSD: tty.c,v 1.272 2016/09/29 21:46:32 christos Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.271 2016/07/07 06:55:43 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.272 2016/09/29 21:46:32 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@@ -1240,12 +1240,13 @@ ttioctl(struct tty *tp, u_long cmd, void
mutex_spin_exit(&tty_lock);
break;
case TIOCSTI: /* simulate terminal input */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_STI,
- tp) != 0) {
+ if ((error = kauth_authorize_device_tty(l->l_cred,
+ KAUTH_DEVICE_TTY_STI, tp)) != 0) {
if (!ISSET(flag, FREAD))
- return (EPERM);
+ return EPERM;
if (!isctty(p, tp))
- return (EACCES);
+ return EACCES;
+ return error;
}
(*tp->t_linesw->l_rint)(*(u_char *)data, tp);
break;
