Restore the `dev.tty.legacy_tiocsti` check

The kernel documentations says:
```
Historically the kernel has allowed TIOCSTI, which will push
characters into a controlling TTY. This continues to be used
as a malicious privilege escalation mechanism, and provides no
meaningful real-world utility any more. Its use is considered
a dangerous legacy operation, and can be disabled on most
systems.
```
https://elixir.bootlin.com/linux/v6.8.8/source/drivers/tty/Kconfig#L152

In other words, not having the `dev.tty.legacy_tiocsti` sysctl means that
the dangerous functionality is enabled by default.

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index feb36ee12877393180b0ed24e28dabfc5552233c..9093b9b014d89e41b583512b47bb2b2e5ec20795 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -681,8 +681,7 @@ def add_sysctl_checks(l, _arch):
              AND(KconfigCheck('cut_attack_surface', 'lockdown', 'BPF_SYSCALL', 'is not set'),
                  have_config_file))]
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.kptr_restrict', '2')]
-    l += [OR(SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.legacy_tiocsti', '0'),
-             SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.legacy_tiocsti', 'is not set'))]
+    l += [SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.legacy_tiocsti', '0')]
     l += [OR(SysctlCheck('cut_attack_surface', 'kspp', 'vm.unprivileged_userfaultfd', '0'),
              AND(KconfigCheck('cut_attack_surface', 'grsec', 'USERFAULTFD', 'is not set'),
                  have_config_file))]