tty: Add sysctl knob to globally disable TIOCSTI
Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57233
@@ -101,6 +101,10 @@ static int tty_drainwait = 5 * 60;
|
|||||||
SYSCTL_INT(_kern, OID_AUTO, tty_drainwait, CTLFLAG_RWTUN,
|
SYSCTL_INT(_kern, OID_AUTO, tty_drainwait, CTLFLAG_RWTUN,
|
||||||
&tty_drainwait, 0, "Default output drain timeout in seconds");
|
&tty_drainwait, 0, "Default output drain timeout in seconds");
|
||||||
|
|
||||||
|
static bool tty_tiocsti = true;
|
||||||
|
SYSCTL_BOOL(_security_bsd, OID_AUTO, tiocsti, CTLFLAG_RWTUN,
|
||||||
|
&tty_tiocsti, 0, "Allow TIOCSTI ioctl");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set TTY buffer sizes.
|
* Set TTY buffer sizes.
|
||||||
*/
|
*/
|
||||||
@@ -1651,6 +1655,10 @@ tty_set_winsize(struct tty *tp, const struct winsize *wsz)
|
|||||||
static int
|
static int
|
||||||
tty_sti_check(struct tty *tp, int fflag, struct thread *td)
|
tty_sti_check(struct tty *tp, int fflag, struct thread *td)
|
||||||
{
|
{
|
||||||
|
/* Check for global disable. */
|
||||||
|
if (!tty_tiocsti)
|
||||||
|
return (EPERM);
|
||||||
|
|
||||||
/* Root can bypass all of our constraints. */
|
/* Root can bypass all of our constraints. */
|
||||||
if (priv_check(td, PRIV_TTY_STI) == 0)
|
if (priv_check(td, PRIV_TTY_STI) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
|
|||||||
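Review bot: In the tty_sti_check hunk the new `if (!tty_tiocsti) return (EPERM);` runs before the `priv_check(td, PRIV_TTY_STI)` shortcut, so the retained comment `/* Root can bypass all of our constraints. */` no longer matches the code: with the knob off, privileged callers are refused too. That ordering looks intentional for a global kill switch, so I would keep the code and reword the comments, e.g. `/* Global disable applies to every caller, including root. */` above the new check and `/* Otherwise root can bypass the remaining constraints. */` above priv_check. The sysctl description in the first hunk could carry the same information, `"Allow TIOCSTI ioctl (0 denies it for all users, including root)"`, since `tty_tiocsti` defaults to true and the restriction only takes effect once an administrator clears it. tty_sti_check's body continues outside the hunk.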