From 7fdfe7c50b75ba7928d30075194bdb234bc3ac5c Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Mon, 10 Jul 2017 14:37:11 +0200
Subject: [PATCH 171/325] sys/kern: Follow OpenBSD's lead and remove TIOCSTI support ... to prevent tty hijacking issues like CVE-2005-4890. TIOCSTI is still used by by mail, but this could (probably) be fixed by adding a "#undef TIOCSTI" or removing the definition from sys/sys/ttycom.h. Additionally TIOCSTI is still used in tcsh, but as tcsh isn't compiled on ElectroBSD we don't care. Obtained from: ElectroBSD
---
 sys/kern/tty.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index f80ffd4921e6..a1f303865318 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -576,7 +576,6 @@ ttydev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag,
 case TIOCSPGRP:
 case TIOCSTART:
 case TIOCSTAT:
- case TIOCSTI:
 case TIOCSTOP:
 case TIOCSWINSZ:
 #if 0
@@ -1951,14 +1950,7 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *data, int fflag,
 tty_info(tp);
 return (0);
 case TIOCSTI:
- if ((fflag & FREAD) == 0 && priv_check(td, PRIV_TTY_STI))
- return (EPERM);
- if (!tty_is_ctty(tp, td->td_proc) &&
- priv_check(td, PRIV_TTY_STI))
- return (EACCES);
- ttydisc_rint(tp, *(char *)data, 0);
- ttydisc_rint_done(tp);
- return (0);
+ return (EIO);
 }
 #ifdef COMPAT_43TTY
-- 
2.32.0
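Review bot: The new `return (EIO);` under `case TIOCSTI:` in tty_generic_ioctl has no comment, so a later reader cannot tell that the unconditional failure is deliberate hardening rather than a stub; I would add `/* TIOCSTI is disabled: injecting input into a tty enables hijacking (CVE-2005-4890). */` directly above it. The rejection now applies to privileged callers as well, because both `priv_check(td, PRIV_TTY_STI)` paths are removed; this presumably leaves PRIV_TTY_STI without a user in this file, which is worth confirming and retiring in a follow-up. Since the description says the TIOCSTI definition stays in sys/sys/ttycom.h, userland still compiles against it and only fails at run time, so the EIO result should also be recorded in the tty ioctl documentation. The function body starts and ends outside the hunk.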