diff --git a/src/su.c b/src/su.c index 8cea0d1f04..d07f9590c5 100644 --- a/src/su.c +++ b/src/su.c @@ -56,6 +56,7 @@ #ifdef USE_PAM #include "pam_defs.h" #endif /* USE_PAM */ +#include "io/fgets/fgets.h" #include "pwauth.h" #include "prototypes.h" #include "shadowlog.h" @@ -996,6 +997,29 @@ static void set_environment (struct passwd *pw) } +/* + * See the following kernel commit: + * commit 83efeeeb3d04b22aaed1df99bc70a48fe9d22c4d + * Author: Kees Cook + * Date: Sat Oct 22 11:29:49 2022 -0700 + * Subject: tty: Allow TIOCSTI to be disabled + */ +static bool legacy_tiocsti_is_disabled(void) { + char buf[3]; + FILE *fp; + void *ret; + + fp = fopen("/proc/sys/dev/tty/legacy_tiocsti", "r"); + if (NULL == fp) + return false; + ret = fgets_a(buf, fp); + fclose(fp); + if (ret == NULL) + return false; + + return buf[0] == '0'; +} + /* * su - switch user id * @@ -1010,6 +1034,7 @@ int main (int argc, char **argv) { const char *cp; struct passwd *pw = NULL; + bool need_pty_prot; #ifdef USE_PAM int ret; @@ -1023,6 +1048,8 @@ int main (int argc, char **argv) save_caller_context(); + need_pty_prot = caller_is_root && !legacy_tiocsti_is_disabled(); + OPENLOG (Prog); process_flags (argc, argv); @@ -1152,7 +1179,7 @@ int main (int argc, char **argv) set_environment (pw); - if (!doshell) { + if (!doshell || need_pty_prot) { /* There is no need for a controlling terminal. * This avoids the callee to inject commands on * the caller's tty. */