Dave Mielke, le lun. 26 juin 2023 12:49:05 -0400, a ecrit: > TIOCSTI injects input. Of course one could argue that that poses a security > risk, but how is that different from creating a uinput device and injecting > key events? What am I missing?
Basically, TIOCSTI is not privileged and permits escaping a su-to-user, this is exampled on https://lore.kernel.org/linux-hardening/Y0m9l52AKmw6Yxi1@hostpad Samuel _______________________________________________ This message was sent via the BRLTTY mailing list. To post a message, send an e-mail to: BRLTTY@brltty.app For general information, go to: http://brltty.app/mailman/listinfo/brltty
