{"id":17928453,"url":"https://github.com/hartwork/antijack","last_synced_at":"2025-09-18T01:32:22.469Z","repository":{"id":142997834,"uuid":"614039919","full_name":"hartwork/antijack","owner":"hartwork","description":":ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)","archived":false,"fork":false,"pushed_at":"2025-08-18T17:38:50.000Z","size":80,"stargazers_count":11,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-08-18T19:28:48.039Z","etag":null,"topics":["c99","command-injection","doas","ioctl","libseccomp","linux","seccomp","seccomp-filter","seccomp-filtering","seccomp-tools","security","sudo","syscall-filter","syscalls","tioclinux","tiocsti","tty"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hartwork.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-03-14T19:12:44.000Z","updated_at":"2025-08-18T17:38:47.000Z","dependencies_parsed_at":"2023-05-09T18:32:19.605Z","dependency_job_id":"3ddaa8c6-1384-4732-955d-b5311337dbe2","html_url":"https://github.com/hartwork/antijack","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hartwork/antijack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fantijack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fantijack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/hartwork%2Fantijack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fantijack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hartwork","download_url":"https://codeload.github.com/hartwork/antijack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hartwork%2Fantijack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275695805,"owners_count":25511349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-17T02:00:09.119Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c99","command-injection","doas","ioctl","libseccomp","linux","seccomp","seccomp-filter","seccomp-filtering","seccomp-tools","security","sudo","syscall-filter","syscalls","tioclinux","tiocsti","tty"],"created_at":"2024-10-28T21:03:04.121Z","updated_at":"2025-09-18T01:32:22.213Z","avatar_url":"https://github.com/hartwork.png","language":"C","readme":"[![Build and on Linux](https://github.com/hartwork/antijack/actions/workflows/linux.yml/badge.svg)](https://github.com/hartwork/antijack/actions/workflows/linux.yml)\n[![Enforce clang-format](https://github.com/hartwork/antijack/actions/workflows/clang-format.yml/badge.svg)](https://github.com/hartwork/antijack/actions/workflows/clang-format.yml)\n\n\n# What is 
antijack?\n\n**antijack** was inspired by [ttyjack](https://github.com/jwilk/ttyjack)\nand is its counterpart in some sense, hence the name.\n\n**antijack**'s mission is threefold:\n\n- demo execution of a program in a way where it *cannot* inject\n  commands via ioctls `TIOCSTI` and/or `TIOCLINUX`\n  into the surrounding controlling terminal,\n  e.g. try `antijack ttyjack echo nope`.\n- generate and dump a seccomp syscall filter (a BPF program)\n  that blocks ioctls `TIOCSTI` and `TIOCLINUX`\n  into a file for use with\n  e.g. [bubblewrap](https://github.com/containers/bubblewrap)\n  a la `bwrap --seccomp 3 [..] 3\u003c \u003c(antijack --dump /dev/stdout)`.\n- demo mitigation at syscall level for Linux leveraging\n  [libseccomp](https://github.com/seccomp/libseccomp).\n  **May not be enough!**, more on that below.\n\nIt should be noted that:\n\n- Alternative options for mitigation include:\n  - `setsid(2)` (or `setsid(1)`) with drawbacks or\n  - use of a PTY.\n- With security in mind, we need to ask\n  \"why should access to the controlling terminal be granted?\"\n  not \"why should it be taken away?\"\n  Use of a PTY by default is a consequence of that.\n  The fact that `TIOCLINUX` attacks came to awareness later than `TIOCSTI`\n  indicates that when the next attack like these is discovered,\n  those who are blocking single ioctls will have to adjust while\n  those using a PTY may already be protected.\n- The defaults for `su` and `sudo` are known-vulnerable as of 2023-03-16.\n  - For `su` it takes `--pty`.\n  - For `sudo` it takes `Defaults use_pty` in `/etc/sudoers`.\n- Both util-linux and GNU coreutils have reverted their\n  use of [libseccomp](https://github.com/seccomp/libseccomp) for mitigation:\n  - https://github.com/util-linux/util-linux/commit/23f75093264aae5d58d61016cb1a29d8ebdfa157\n  - https://github.com/coreutils/coreutils/commit/f5d7c0842ef7adc2be6e85f9ef66b35ebbbd6a61\n- The syscall filter is easy to mis-implement,\n  e.g. 
see [CVE-2019-10063](https://nvd.nist.gov/vuln/detail/CVE-2019-10063)\n  and/or\n  [commit 5f6bd3aa6e6a15f644923afa66fb0068736e2b8d](https://github.com/hartwork/antijack/commit/5f6bd3aa6e6a15f644923afa66fb0068736e2b8d).\n\n\n# Requirements\n\n- C99 compiler\n- Linux build and target host\n- glibc ≥ 2.32\n- GNU make\n- [libseccomp](https://github.com/seccomp/libseccomp)\n\n\n# How to compile\n\n```\n$ make\n```\n\n\n# Example output (on `x86_64`)\n\n```\n$ antijack --help\nusage: antijack [-v|--verbose] [-o|--dump PATH.bpf] [--] [COMMAND [ARG ..]]\n   or: antijack -h|--help\n\n$ antijack -v -- ttyjack echo nope\n[*] Initializing libseccomp...\n[+]   Done.\n[*] Adding rule block TIOCSTI ioctls...\n[+]   Done.\n[*] Adding rule block TIOCLINUX ioctls...\n[+]   Done.\n[*] Loading seccomp rules into the kernel...\n#\n# pseudo filter code start\n#\n# filter for arch x86_64 (3221225534)\nif ($arch == 3221225534)\n  # filter for syscall \"ioctl\" (16) [priority: 65532]\n  if ($syscall == 16)\n    if ($a1.hi32 \u0026 0x00000000 == 0)\n      if ($a1.lo32 \u0026 0xffffffff == 21532)\n        action KILL_PROCESS;\n      if ($a1.lo32 \u0026 0xffffffff == 21522)\n        action KILL_PROCESS;\n  # default action\n  action ALLOW;\n# invalid architecture action\naction KILL;\n#\n# pseudo filter code end\n#\n[+]   Done.\n[*] Releasing libseccomp...\n[+]   Done.\n[*] Running ttyjack...\nBad system call\n\n$ antijack --dump filter.bpf\n\n$ wc -c \u003c filter.bpf\n112\n```\n\n\n# Related CVEs (not mine)\n\n- [CVE-2005-4890](https://nvd.nist.gov/vuln/detail/CVE-2005-4890) for `su` of util-linux and `sudo`\n- [CVE-2006-7098](https://nvd.nist.gov/vuln/detail/CVE-2006-7098) for Apache\n- [CVE-2007-1400](https://nvd.nist.gov/vuln/detail/CVE-2007-1400) for [plash](https://github.com/mseaborn/plash)\n- [CVE-2011-1408](https://nvd.nist.gov/vuln/detail/CVE-2011-1408) for `ikiwiki-mass-rebuild` of ikiwiki\n- [CVE-2013-6409](https://nvd.nist.gov/vuln/detail/CVE-2013-6409) for 
[adequate](https://packages.debian.org/sid/adequate)\n- [CVE-2016-2568](https://nvd.nist.gov/vuln/detail/CVE-2016-2568) for `pkexec` of Polkit\n- [CVE-2016-2779](https://nvd.nist.gov/vuln/detail/CVE-2016-2779) for `runuser` of util-linux\n- [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) for `chroot` of GNU Coreutils\n- [CVE-2016-7545](https://nvd.nist.gov/vuln/detail/CVE-2016-7545) for `policycoreutils` of SELinux\n- [CVE-2016-9016](https://nvd.nist.gov/vuln/detail/CVE-2016-9016) for Firejail\n- [CVE-2016-10124](https://nvd.nist.gov/vuln/detail/CVE-2016-10124) for `lxc-attach` of LXC\n- [CVE-2016-?????](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24541) for `runcon` of GNU Coreutils\n- [CVE-2017-5226](https://nvd.nist.gov/vuln/detail/CVE-2017-5226) for bubblewrap (or Flatpak)\n- [CVE-2019-7303](https://nvd.nist.gov/vuln/detail/CVE-2019-7303) for `snapd` of Snap\n- [CVE-2019-10063](https://nvd.nist.gov/vuln/detail/CVE-2019-10063) for Flatpak\n- [CVE-2019-11460](https://nvd.nist.gov/vuln/detail/CVE-2019-11460) for `gnome-desktop` of GNOME\n- [CVE-2019-11461](https://nvd.nist.gov/vuln/detail/CVE-2019-11461) for Nautilus of GNOME\n- [CVE-2020-13753](https://nvd.nist.gov/vuln/detail/CVE-2020-13753) for WebKitGTK\n- [CVE-2021-?????](https://hackerone.com/reports/1283871) for Homebrew\n- [CVE-2023-28100](https://nvd.nist.gov/vuln/detail/CVE-2023-28100) for Flatpak\n- [CVE-2023-28339](https://nvd.nist.gov/vuln/detail/CVE-2023-28339) for OpenDoas\n- [CVE-2023-?????](https://github.com/slicer69/doas/issues/110) for doas (except on OpenBSD \u003e=6.2)\n- [CVE-2023-46277](https://nvd.nist.gov/vuln/detail/CVE-2023-46277) for pleaser/please\n- [CVE-2023-?????](https://github.com/illiliti/ssu/issues/13) for ssu\n- [CVE-2023-?????](https://github.com/memorysafety/sudo-rs/issues/159) for sudo-rs\n\n---\n[Sebastian Pipping](https://github.com/hartwork), Berlin, 
2023\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhartwork%2Fantijack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhartwork%2Fantijack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhartwork%2Fantijack/lists"}