tty: Add sysctl knob to globally disable TIOCSTI

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57233
Ed Maste
2026-05-25 09:59:40 -04:00
parent 13fb6dbc73
commit c289291a67
+8
@@ -101,6 +101,10 @@ static int tty_drainwait = 5 * 60;
SYSCTL_INT(_kern, OID_AUTO, tty_drainwait, CTLFLAG_RWTUN,
&tty_drainwait, 0, "Default output drain timeout in seconds");
static bool tty_tiocsti = true;
SYSCTL_BOOL(_security_bsd, OID_AUTO, tiocsti, CTLFLAG_RWTUN,
&tty_tiocsti, 0, "Allow TIOCSTI ioctl");
/*
* Set TTY buffer sizes.
*/
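Review bot: The new `security.bsd.tiocsti` knob is declared `CTLFLAG_RWTUN`, so any process allowed to write sysctls can set it back to true at runtime, which limits its value as a hardening switch. If the disable is meant to hold against a compromised privileged process (the check in tty_sti_check sits ahead of the `priv_check` bypass, which suggests so), consider freezing it once securelevel is raised: `SYSCTL_BOOL(_security_bsd, OID_AUTO, tiocsti, CTLFLAG_RWTUN | CTLFLAG_SECURE,`. The trade-off is that the value would then have to be set from loader.conf or sysctl.conf before securelevel goes up. The description string could also say who is affected, e.g. `"Allow TIOCSTI ioctl (when false, denied even to privileged users)"`.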
@@ -1651,6 +1655,10 @@ tty_set_winsize(struct tty *tp, const struct winsize *wsz)
static int
tty_sti_check(struct tty *tp, int fflag, struct thread *td)
{
/* Check for global disable. */
if (!tty_tiocsti)
return (EPERM);
/* Root can bypass all of our constraints. */
if (priv_check(td, PRIV_TTY_STI) == 0)
return (0);
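Review bot: The retained comment `/* Root can bypass all of our constraints. */` is no longer accurate, because the global-disable check added above it returns EPERM before `priv_check(td, PRIV_TTY_STI)` is reached, so privileged callers are refused too. I would reword both comments to make the ordering explicit, e.g. `/* Global disable applies to everyone, including privileged callers. */` and `/* Otherwise root can bypass the remaining constraints. */`. The body of tty_sti_check continues past the end of this hunk, so the remaining checks are not visible here.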