Terminal File Descriptor Problem
There are long-known issues with the ioctl commands TIOCSTI and TIOCLINUX on terminal devices (see TiocstiTioclinuxSecurityProblems).
On modern Linux distributions, TIOCSTI and the relevant TIOCLINUX subcommands have been disabled.
If the following two criteria are met, you are not affected any more:
- Kernel version 6.7 or higher (or alternatively, 8d1b43f6a6 was backported)
- cat /proc/sys/dev/tty/legacy_tiocsti should print 0
On older Linux distributions, it is advisable to close the file descriptors of potential TTY devices on stdin, stdout and stderr, so that landlocked processes can’t break out of their sandbox through them.
The history of this bug is a long story which is explained in more detail at TiocstiTioclinuxSecurityProblems.
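
The two criteria and the mitigation for older systems, sketched in C as an added example (not code from this page or from the Landlock project). The function names are hypothetical, and replacing a TTY descriptor with /dev/null rather than only closing it is a choice made here so that fds 0 to 2 stay occupied.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Criterion 1: release string (as from uname -r) is 6.7 or newer. A backport
 * of 8d1b43f6a6 is not visible here, so older kernels count as affected. */
int kernel_at_least_6_7(const char *release) {
    int major = 0, minor = 0;
    if (sscanf(release, "%d.%d", &major, &minor) != 2) return 0;
    return major > 6 || (major == 6 && minor >= 7);
}

/* Criterion 2: the sysctl file reads 0. Missing or unreadable counts as not disabled. */
int legacy_tiocsti_disabled(const char *path) {
    int c = EOF;
    FILE *f = fopen(path, "r");
    if (f) { c = fgetc(f); fclose(f); }
    return c == '0';
}

/* Replace fd with /dev/null if it refers to a terminal.
 * Returns 1 if replaced, 0 if fd was not a terminal, -1 on error. */
int detach_if_tty(int fd) {
    if (!isatty(fd)) return 0;
    int null_fd = open("/dev/null", O_RDWR);
    if (null_fd < 0) return -1;
    int rc = dup2(null_fd, fd); /* drops this process's reference to the TTY on fd */
    close(null_fd);
    return rc < 0 ? -1 : 1;
}

/* Returns the number of standard fds replaced (0 if not affected), -1 on error.
 * Call before enforcing the Landlock ruleset, while /dev/null can still be opened. */
int detach_std_ttys_if_affected(const char *release, const char *sysctl_path) {
    if (kernel_at_least_6_7(release) && legacy_tiocsti_disabled(sysctl_path)) return 0;
    int replaced = 0;
    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        int rc = detach_if_tty(fd);
        if (rc < 0) return -1;
        replaced += rc;
    }
    return replaced;
}

int main(void) {
    struct utsname u;
    if (uname(&u) != 0) return 1;
    return detach_std_ttys_if_affected(u.release, "/proc/sys/dev/tty/legacy_tiocsti") < 0;
}
```

Only stdin, stdout and stderr are checked, as on this page; a process that inherited a terminal on another descriptor needs the same treatment for that descriptor.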