kern: tty: refactor TIOCSTI privilege checks slightly
ClosedPublic
Actions

Authored by kevans on May 24 2025, 12:36 AM.

Details

Reviewers

emaste
kib
markj

Commits

rG59fc4cda1bfa: kern: tty: refactor TIOCSTI privilege checks slightly

Summary

This removes some repetition from it and makes the flow a little more
obvious. Future work may find some way to add more constraints to the
unprivileged path, add a security sysctl to disable it, or perhaps
some combination of the two.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kevans created this revision.May 24 2025, 12:36 AM

Herald added subscribers: olce, imp. · View Herald TranscriptMay 24 2025, 12:36 AM

kevans requested review of this revision.May 24 2025, 12:36 AM

Harbormaster completed remote builds in B64401: Diff 155963.May 24 2025, 12:36 AM

markj accepted this revision.May 24 2025, 1:26 AM

markj added inline comments.

sys/kern/tty.c
1653	Or just `if (priv_check(td, PRIV_TTY_STI) == 0) return (0);`.

This revision is now accepted and ready to land.May 24 2025, 1:26 AM

kevans marked an inline comment as done.May 24 2025, 1:33 AM

kib accepted this revision.May 24 2025, 2:52 AM

kib added inline comments.

sys/kern/tty.c
1656	This is counter-intuitive BTW.

kevans added inline comments.May 24 2025, 3:57 AM

sys/kern/tty.c
1656	I agree, but I haven't yet spent any time tracking down the current requirements -- I would've expected to need FWRITE instead to alter the tty buffer.