It's possible to execute any command via /dev/tty device.
CVE:
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl.)
