Kernel-hardening archive mirror
From: "Günther Noack" <gnoack@google.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: "Hanno Böck" <hanno@hboeck.de>,
	kernel-hardening@lists.openwall.com,
	"Kees Cook" <keescook@chromium.org>,
	"Jiri Slaby" <jirislaby@kernel.org>,
	"Geert Uytterhoeven" <geert@linux-m68k.org>,
	"Paul Moore" <paul@paul-moore.com>,
	"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
	"David Laight" <David.Laight@aculab.com>,
	"Simon Brand" <simon.brand@postadigitale.de>,
	"Dave Mielke" <Dave@mielke.cc>,
	"Mickaël Salaün" <mic@digikod.net>,
	"KP Singh" <kpsingh@google.com>,
	"Nico Schottelius" <nico-gpm2008@schottelius.org>,
	"Günther Noack" <gnoack@google.com>
Subject: [PATCH v2 0/1] Restrict access to TIOCLINUX
Date: Mon, 28 Aug 2023 14:21:08 +0200
Message-ID: <20230828122109.3529221-1-gnoack@google.com>

Hello!

This is a re-send of a patch by Hanno Böck from 2023-04-02 [1], to restrict the
use of the copy-and-paste functionality in the TIOCLINUX IOCTL.

These copy-and-paste operations can be misused in the same way as the TIOCSTI
IOCTL, which can be disabled with a CONFIG option, since commit 83efeeeb3d04
("tty: Allow TIOCSTI to be disabled") and commit 690c8b804ad2 ("TIOCSTI: always
enable for CAP_SYS_ADMIN").  With this option set to N, the use of TIOCSTI
requires CAP_SYS_ADMIN.

We believe that it should be OK to not make this configurable: For TIOCLINUX's
copy-and-paste subcommands, the only known usage so far is GPM.  I have
personally verified that this continues to work, as GPM runs as root.

The number of affected programs should be much lower than was the case for
TIOCSTI (as TIOCLINUX only applies to virtual terminals), and even in the
TIOCLINUX case, only a handful of legitimate use cases were mentioned.  (BRLTTY,
tcsh, Emacs, special versions of "mail").  I have high confidence that GPM is
the only existing usage of that copy-and-paste feature.

(If configurability is really required, the way to be absolutely sure would be
to introduce a CONFIG option for it as well -- but it would be a pretty obscure
option to have, but we can do that if needed.)

Changes in v2:
 - Rebased to Linux v6.5
 - Reworded commit message a bit
 - Added Tested-By

[1] https://lore.kernel.org/all/20230402160815.74760f87.hanno@hboeck.de/

Hanno Böck (1):
  tty: Restrict access to TIOCLINUX' copy-and-paste subcommands

 drivers/tty/vt/vt.c | 6 ++++++
 1 file changed, 6 insertions(+)


base-commit: 2dde18cd1d8fac735875f2e4987f11817cc0bc2c
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog
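
Added example, not part of the original message or of the patch: a small C audit helper for the TIOCSTI rule the cover letter describes (unrestricted when the switch is on, CAP_SYS_ADMIN required when it is off). The sysctl path /proc/sys/dev/tty/legacy_tiocsti and the function names are assumptions not taken from this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* CAP_SYS_ADMIN in <linux/capability.h> */
/* Added example, not the patch's code. 1 if CapEff in /proc/<pid>/status text
 * has CAP_SYS_ADMIN, 0 if not, -1 if unparsable. CapEff is per user namespace;
 * capable() checks the initial one, so 1 can still mean "refused". */
int has_cap_sys_admin(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    char *end;
    if (!p)
        return -1;
    p += strlen("CapEff:");
    unsigned long long mask = strtoull(p, &end, 16);
    return end == p ? -1 : (int)((mask >> CAP_SYS_ADMIN_BIT) & 1);
}

/* sysctl_text: /proc/sys/dev/tty/legacy_tiocsti content, or NULL if absent
 * (assumed: no switch, unrestricted). 1 = permitted, 0 = refused, -1 = bad. */
int tiocsti_permitted(const char *sysctl_text, const char *status_text)
{
    if (!sysctl_text || sysctl_text[0] == '1')
        return 1;
    if (sysctl_text[0] != '0')
        return -1;
    return has_cap_sys_admin(status_text);
}

/* Read a small procfs file into buf; NULL if it cannot be opened. */
static const char *slurp(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return NULL;
    buf[fread(buf, 1, len - 1, f)] = '\0';
    fclose(f);
    return buf;
}

int main(void)
{
    char sysctl[16], status[8192];
    const char *s = slurp("/proc/sys/dev/tty/legacy_tiocsti", sysctl, sizeof sysctl);
    const char *st = slurp("/proc/self/status", status, sizeof status);
    printf("TIOCSTI permitted: %d\n", tiocsti_permitted(s, st ? st : ""));
    return 0;
}
```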

