Control: reassign -1 src:util-linux Hi Cris,
On Sat, Apr 29, 2023 at 11:47:40PM +0200, Chris Hofstaedtler wrote: > Control: reassign -1 src:linux > Control: affects -1 src:util-linux > > Dear Kernel Maintainers, Security Team, > > * Sam Morris <s...@robots.org.uk>: > > Linux 6.2 introduces a sysctl dev.tty.legacy_tiocsti sysctl which can be > > used to disable TIOCSTI. The default value of the sysctl is set at build > > time with CONFIG_LEGACY_TIOCSTI. > > > > <https://cateee.net/lkddb/web-lkddb/LEGACY_TIOCSTI.html> > > Maybe we can get this into 6.1? (For the metainformation I'm assigning it back to su, where the CVE(s) originally got assigned, but we can close the bug in future once the root issue is addressed on kernel side, I hope you are okay with that). It is unlikely we are going to enable this in bookworm, even if the change will be backported to 6.1.y, that is if the change would now be backported, I assume we will need to stick with the default being enabled. The time was too narrow before the freeze. But we have #1033095[1] for the corresponding bug on src:linux and to disable TIOCSTI it early in the trixie development cycle by default (which comes automatically). [1]: https://bugs.debian.org/1033095 Hope this helps so far? Regards, Salvatore
