Date:      Tue, 09 Jun 2026 16:39:12 +0000
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: c289291a6736 - main - tty: Add sysctl knob to globally disable TIOCSTI
Message-ID:  <6a2841b0.2606b.19febe36@gitrepo.freebsd.org>


The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=c289291a6736c01dd68fb8459ec3801859b0a59a

commit c289291a6736c01dd68fb8459ec3801859b0a59a
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2026-05-25 13:59:40 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-06-09 16:38:54 +0000

    tty: Add sysctl knob to globally disable TIOCSTI
    
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D57233
---
 sys/kern/tty.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 3d20d225087c..13147613f7f6 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -101,6 +101,10 @@ static int  tty_drainwait = 5 * 60;
 SYSCTL_INT(_kern, OID_AUTO, tty_drainwait, CTLFLAG_RWTUN,
     &tty_drainwait, 0, "Default output drain timeout in seconds");
 
+static bool tty_tiocsti = true;
+SYSCTL_BOOL(_security_bsd, OID_AUTO, tiocsti, CTLFLAG_RWTUN,
+    &tty_tiocsti, 0, "Allow TIOCSTI ioctl");
+
 /*
  * Set TTY buffer sizes.
  */
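Review bot: The new security.bsd.tiocsti knob declared at the `SYSCTL_BOOL` line has no documentation beyond its description string, and the diffstat shows only sys/kern/tty.c changing. The string "Allow TIOCSTI ioctl" does not tell an administrator that setting it to 0 is a global deny that is checked ahead of the PRIV_TTY_STI test in tty_sti_check(); consider a description that says so, and a manual page entry in a follow-up. Since CTLFLAG_RWTUN leaves the knob writable at runtime as well as settable as a loader tunable, it is also worth stating whether turning it back on after boot is intended.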
@@ -1651,6 +1655,10 @@ tty_set_winsize(struct tty *tp, const struct winsize *wsz)
 static int
 tty_sti_check(struct tty *tp, int fflag, struct thread *td)
 {
+	/* Check for global disable. */
+	if (!tty_tiocsti)
+		return (EPERM);
+
 	/* Root can bypass all of our constraints. */
 	if (priv_check(td, PRIV_TTY_STI) == 0)
 		return (0);
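Review bot: In tty_sti_check() the new `if (!tty_tiocsti)` test returns EPERM before `priv_check(td, PRIV_TTY_STI)` runs, so the existing comment "Root can bypass all of our constraints." directly below it is no longer accurate when the knob is off. Suggest either extending the new comment to say the global disable applies to privileged callers too, or rewording the root comment to refer to the remaining constraints, so the ordering reads as deliberate to the next person editing this function.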

