
Bug 901393 (CVE-2023-28339)

Summary: app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection
Product: Gentoo Security
Reporter: Sebastian Pipping <sping>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: major
CC: felix.janda, proxy-maint, sping
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/Duncaen/OpenDoas/issues/106#issuecomment-1467202981
See Also: https://bugs.gentoo.org/show_bug.cgi?id=901507
Whiteboard: B1 [upstream]

Description Sebastian Pipping gentoo-dev 2023-03-15 23:36:42 UTC
See URL for details and demo, please.  Unfixed upstream.

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-16 19:58:43 UTC
(remember to CC maintainers if you can)

thanks!
Comment 2 Sebastian Pipping gentoo-dev 2023-03-16 20:07:45 UTC
(In reply to Sam James from comment #1)
> (remember to CC maintainers if you can)

Didn't think of it, sorry.  Good point, thanks!
Comment 4 Sebastian Pipping gentoo-dev 2025-01-07 16:29:22 UTC
(In reply to William Hubbs from comment #3)
> https://jdebp.uk/FGA/TIOCSTI-is-a-kernel-problem.html

I wish that article was promoted less rather than more, because it effectively promotes not fixing userland and has four "[..] are false" statements that are not true: If I have two pieces of software and one can be exploited and the other cannot to gain privileges via TIOCSTI, then the bug is in that software that can be exploited, not in the kernel.  A controlling terminal should not be handed to a process with different permissions in the first place, hence it needs a pane of PTY glass in front of it.  There are people working on that topic but it takes time.