Bug 901393 (CVE-2023-28339) - app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection
Status: CONFIRMED
Alias: CVE-2023-28339
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://github.com/Duncaen/OpenDoas/i...
Whiteboard: B1 [upstream]
Reported: 2023-03-15 23:36 UTC by Sebastian Pipping
Modified: 2025-01-07 16:29 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Sebastian Pipping gentoo-dev 2023-03-15 23:36:42 UTC
See URL for details and demo, please.  Unfixed upstream.

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-16 19:58:43 UTC
(remember to CC maintainers if you can)

thanks!
Comment 2 Sebastian Pipping gentoo-dev 2023-03-16 20:07:45 UTC
(In reply to Sam James from comment #1)
> (remember to CC maintainers if you can)

Didn't think of it, sorry.  Good point, thanks!
Comment 4 Sebastian Pipping gentoo-dev 2025-01-07 16:29:22 UTC
(In reply to William Hubbs from comment #3)
> https://jdebp.uk/FGA/TIOCSTI-is-a-kernel-problem.html

I wish that article was promoted less than more, because it effectively promotes not fixing userland and has four "[..] are false" statements that are not true: If I have two pieces of software and one can be exploited and the other cannot to gain privileges via TIOCSTI, then the bug is in that software that can be exploited, not in the kernel.  A controlling terminal should not be handed to a process with different permissions in the first place, hence it needs a pane of PTY glass in front of it.  There are people working on that topic but it takes time.