This bug was fixed in the package linux - 6.8.0-11.11
---------------
linux (6.8.0-11.11) noble; urgency=medium
* noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094)
* Miscellaneous Ubuntu changes
- [Packaging] riscv64: disable building unnecessary binary debs
-- Paolo Pisati <paolo.pis...@canonical.com> Wed, 14 Feb 2024 00:04:31
+0100
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2046192
Title:
Disable Legacy TIOCSTI
Status in linux package in Ubuntu:
Fix Released
Bug description:
[Impact]
From the config option description:
Historically the kernel has allowed TIOCSTI, which will push
characters into a controlling TTY. This continues to be used
as a malicious privilege escalation mechanism, and provides no
meaningful real-world utility any more. Its use is considered
a dangerous legacy operation, and can be disabled on most
systems.
[Test case]
Test that TIOCSTI is not allowed by unprivileged user, while still allowed by
CAP_SYS_ADMIN.
[Potential regression]
Programs relying on TIOCSTI may break.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2046192/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
