If we're adjusting applications, they should be made to avoid TIOSCTI
completely. This looks to me a lot like the symlink restrictions: yes,
userspace should be fixed to the do the right thing, but why not
provide support to userspace to avoid the problem entirely?

We do it's called pty/tty. There isn't any other way to do this correctly
because TIOCSTI is just one hundreds of things the attacker can do to
make your life miserable in the case you create a child process of lower
security privilege and give it your tty file handle or worse (like some
container crapware) your X11 socket fd.

Does it really matter any more or less if I reprogram your enter key, use
TIOCSTI, set the baud rate, change all your fonts ?

The mainstream tools like sudo get this right (*). Blocking TIOCSTI fixes
nothing and breaks apps. If it magically fixed the problem it might make
sense but it doesn't. You actually have to get an adult to write the
relevant code.

Alan
(*) Almost. There's an old world trick of sending "+++" "ATE1" "rm -rf
*\r\n" to try and attack improperly configured remote modem sessions but
the stuff that matters is handled.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html