bash: Denied TIOCSTI ioctl for non-privileged process

Open aminvakil opened this issue 3 years ago • 10 comments

Hitting Enter does not do anything, echo $? shows 0 though.

I found that it's adding this line in journalctl after each Enter or Tab:

Dec 15 14:44:51 hostname kernel: (NULL device *): Denied TIOCSTI ioctl for non-privileged process

Exiting it with Ctrl + C does not have this effect.

BTW I use arch :) and linux-hardened (https://github.com/anthraxx/linux-hardened).

aminvakil avatar Dec 15 '21 11:12 aminvakil

Yes, I just confirmed it works on another kernel compiled without the hardening flags. I'll try to find which one prevents mcfly from working and whether there is a workaround or not.

aminvakil avatar Dec 15 '21 12:12 aminvakil

I'm not sure if there is a workaround for this at runtime or not, but maybe there is a mcfly configuration which prevents these calls? Although I don't think mcfly can work without these... :(

https://github.com/anthraxx/linux-hardened/commit/8aacf45
https://github.com/anthraxx/linux-hardened/commit/70d9a4

aminvakil avatar Dec 15 '21 12:12 aminvakil

mcfly works in zsh without TIOCSTI I think, but not bash.

cantino avatar Dec 16 '21 00:12 cantino

mcfly works in zsh without TIOCSTI I think, but not bash.

I have installed zsh and I can confirm mcfly works fine using it, bash still has the same problem though.

Feel free to close the issue if there isn't an interest in fixing it, too customized environment, ...

aminvakil avatar Dec 17 '21 12:12 aminvakil

Not sure if this can be fixed, but if so it should be done so I would leave the issue open.

Tatsh avatar Feb 21 '23 11:02 Tatsh

The option is now CONFIG_LEGACY_TIOCSTI in the kernel as of 6.2.0. Leave it enabled, as disabling it can bring up too much unexpected brokenness.

Tatsh avatar Feb 21 '23 11:02 Tatsh

@Tatsh Thanks for taking a look into it, linux-hardened has not been updated to 6.2 yet, I'll report back after upgrading to 6.2 if this issue has been changed or not.

aminvakil avatar Feb 21 '23 12:02 aminvakil

@Tatsh Thanks for taking a look into it, linux-hardened has not been updated to 6.2 yet, I'll report back after upgrading to 6.2 if this issue has been changed or not.

If you disable CONFIG_LEGACY_TIOCSTI mcfly and other things really strangely do not work.

Tatsh avatar Feb 22 '23 02:02 Tatsh

OK, linux-hardened has been upgraded to 6.4.3 and I could finally test this. It's still not working, but I think this is another issue.

Nothing shows up in journal, but hitting enter still does not do anything. echo $? prints 130.

aminvakil avatar Jul 19 '23 12:07 aminvakil

Capabilities might be useful to allow mcfly admin access without compromising the rest of the system. Still it does not make sense that mcfly should need that level of access. I have not found sufficient information about what other projects are doing about this. Most distros are leaving this option enabled.

Tatsh avatar Jul 19 '23 20:07 Tatsh
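
An added diagnostic, not part of the thread or of mcfly: it reports which kernel switch is blocking TIOCSTI and counts the denial message quoted in the issue. The sysctl paths (`dev.tty.legacy_tiocsti` from mainline 6.2+, `kernel.tiocsti_restrict` from the linux-hardened patch) come from those kernels and do not appear on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find out which kernel switch, if any, blocks TIOCSTI.
# sysctl paths are from the kernels themselves, not from this thread:
#   dev.tty.legacy_tiocsti   mainline >= 6.2, 0 = TIOCSTI disabled
#   kernel.tiocsti_restrict  linux-hardened,  1 = CAP_SYS_ADMIN required

# tiocsti_status [PROC_ROOT]
# Prints: blocked-mainline | blocked-hardened | allowed | no-sysctl
# PROC_ROOT defaults to /proc; it is a parameter so the function can be
# run against a constructed directory tree.
tiocsti_status() {
    root=${1:-/proc}
    legacy="$root/sys/dev/tty/legacy_tiocsti"
    restrict="$root/sys/kernel/tiocsti_restrict"
    seen=0

    if [ -r "$legacy" ]; then
        seen=1
        if [ "$(cat "$legacy")" = "0" ]; then
            echo blocked-mainline
            return 0
        fi
    fi
    if [ -r "$restrict" ]; then
        seen=1
        if [ "$(cat "$restrict")" = "1" ]; then
            echo blocked-hardened
            return 0
        fi
    fi
    # Neither file present: kernel exposes no TIOCSTI switch at all.
    if [ "$seen" -eq 1 ]; then echo allowed; else echo no-sysctl; fi
}

# count_denials: read kernel log text on stdin and print how many lines
# carry the linux-hardened denial message quoted in the issue.
# Typical use: journalctl -k --no-pager | count_denials
count_denials() {
    grep -c -F 'Denied TIOCSTI ioctl for non-privileged process' || true
}
```
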