bash: Denied TIOCSTI ioctl for non-privileged process

[aminvakil]

Hitting Enter does not do anything, echo $? shows 0 though.

I found that it's adding this line in journalctl after each Enter or Tab:

Dec 15 14:44:51 hostname kernel: (NULL device *): Denied TIOCSTI ioctl for non-privileged process

Exiting it with Ctrl + C does not have this effect.

BTW I use arch :) and linux-hardened (https://github.com/anthraxx/linux-hardened).

[aminvakil]

Yes, just confirmed it works on another kernel without the hardening flags upon compile, I'll try to find and see which one prevents the mcfly from working and if there is workaround or not.

[aminvakil]

I'm not sure if there is a workaround for this in runtime or not, but maybe there is a mcfly configuration which prevents these calls? Although I don't think mcfly can work without these... :( https://github.com/anthraxx/linux-hardened/commit/8aacf45 https://github.com/anthraxx/linux-hardened/commit/70d9a4

[cantino]

mcfly works in zsh without TIOCSTI I think, but not bash.

[aminvakil]

mcfly works in zsh without TIOCSTI I think, but not bash.

I have installed zsh and I can confirm mcfly works fine using it, bash still has the same problem though.

Feel free to close the issue if there isn't an interest in fixing it, too customized environment, ...

[Tatsh]

Not sure if this can be fixed, but if so it should be done so I would leave the issue open.

[Tatsh]

The option is now CONFIG_LEGACY_TIOCSTI in the kernel as of 6.2.0. Leave it enabled as disabling it can bring up too many unexpected broken-ness.

[aminvakil]

@Tatsh Thanks for taking a look into it, linux-hardened has not been updated to 6.2 yet, I'll report back after upgrading to 6.2 if this issue has been changed or not.

[Tatsh]

@Tatsh Thanks for taking a look into it, linux-hardened has not been updated to 6.2 yet, I'll report back after upgrading to 6.2 if this issue has been changed or not.

If you disable CONFIG_LEGACY_TIOCSTI mcfly and other things really strangely do not work.

[aminvakil]

OK, linux-hardened has been upgraded to 6.4.3 and I could finally test this. It's still not working, but I think this is another issue.

Nothing shows up in journal, but hitting enter still does not do anything. echo $? prints 130.

[Tatsh]

Capabilities might be useful to allow mcfly admin access without compromising the rest of the system. Still it does not make sense that mcfly should need that level of access. I have not found sufficient information about what other projects are doing about this. Most distros are leaving this option enabled.