Module Name: src Committed By: christos Date: Thu Sep 29 21:46:32 UTC 2016
Modified Files: src/sys/kern: tty.c Log Message: Only allow root to use TIOCSTI. Don't eat the kauth error number. It is unexpected for an unprivileged process to gain privs by typing to root's tty: $ cat installer #!/bin/sh whoami /usr/sbin/sti /dev/tty whoami\\n $ su unprivileged -c ./installer unprivileged $ whoami root To generate a diff of this commit: cvs rdiff -u -r1.271 -r1.272 src/sys/kern/tty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/tty.c
diff -u src/sys/kern/tty.c:1.271 src/sys/kern/tty.c:1.272
--- src/sys/kern/tty.c:1.271 Thu Jul 7 02:55:43 2016
+++ src/sys/kern/tty.c Thu Sep 29 17:46:32 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: tty.c,v 1.271 2016/07/07 06:55:43 msaitoh Exp $ */
+/* $NetBSD: tty.c,v 1.272 2016/09/29 21:46:32 christos Exp $ */
 /*-
 * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.271 2016/07/07 06:55:43 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.272 2016/09/29 21:46:32 christos Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -1240,12 +1240,13 @@ ttioctl(struct tty *tp, u_long cmd, void
 mutex_spin_exit(&tty_lock);
 break;
 case TIOCSTI: /* simulate terminal input */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_STI,
- tp) != 0) {
+ if ((error = kauth_authorize_device_tty(l->l_cred,
+ KAUTH_DEVICE_TTY_STI, tp)) != 0) {
 if (!ISSET(flag, FREAD))
- return (EPERM);
+ return EPERM;
 if (!isctty(p, tp))
- return (EACCES);
+ return EACCES;
+ return error;
 }
 (*tp->t_linesw->l_rint)(*(u_char *)data, tp);
 break;
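Review bot: In the `TIOCSTI` case the `FREAD` and `isctty()` tests no longer gate anything: once `kauth_authorize_device_tty()` fails, every path returns, so they only choose between `EPERM`, `EACCES` and the kauth `error`. That is easy to misread as the old rule that a reader of its own controlling tty may inject input, so I would add a comment above the `if`, for example `/* kauth denial is final; the checks below only select the errno */`. The log says the kauth error is no longer eaten, but it is still replaced by `EPERM` or `EACCES` on the first two paths and surfaces only on the last one, which the comment should also state. Whether the ioctl is really root-only now rests on the listener that answers `KAUTH_DEVICE_TTY_STI`, which is not in this hunk; it is worth confirming that no secmodel returns allow for a non-root credential. The body of `ttioctl` starts and ends outside the hunk.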