From 57202e61f6e2fcd933d78ea47e09f0552112e636 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 10 Jul 2017 14:37:11 +0200
Subject: [PATCH 157/310] sys/kern: Follow OpenBSD's lead and remove TIOCSTI
 support

... to prevent tty hijacking issues like CVE-2005-4890.

TIOCSTI is still used by by mail, but this could (probably) be
fixed by adding a "#undef TIOCSTI" or removing the definition
from sys/sys/ttycom.h.

Additionally TIOCSTI is still used in tcsh, but as tcsh isn't
compiled on ElectroBSD we don't care.

Obtained from: ElectroBSD
---
 sys/kern/tty.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 8dfe5e93780f..3308be22e568 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -585,7 +585,6 @@ ttydev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag,
 	case TIOCSPGRP:
 	case TIOCSTART:
 	case TIOCSTAT:
-	case TIOCSTI:
 	case TIOCSTOP:
 	case TIOCSWINSZ:
 #if 0
@@ -1952,14 +1951,7 @@ tty_generic_ioctl(struct tty *tp, u_long cmd, void *data, int fflag,
 		tty_info(tp);
 		return (0);
 	case TIOCSTI:
-		if ((fflag & FREAD) == 0 && priv_check(td, PRIV_TTY_STI))
-			return (EPERM);
-		if (!tty_is_ctty(tp, td->td_proc) &&
-		    priv_check(td, PRIV_TTY_STI))
-			return (EACCES);
-		ttydisc_rint(tp, *(char *)data, 0);
-		ttydisc_rint_done(tp);
-		return (0);
+		return (EIO);
 	}
 
 #ifdef COMPAT_43TTY
-- 
2.37.1