From: Greg KH <gregkh@linuxfoundation.org>
To: "Hanno Böck" <hanno@hboeck.de>
Cc: kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] Restrict access to TIOCLINUX
Date: Sun, 2 Apr 2023 19:44:27 +0200
Message-ID: <2023040237-empty-etching-c988@gregkh>
In-Reply-To: <20230402193310.0e2be5bb.hanno@hboeck.de>

On Sun, Apr 02, 2023 at 07:33:10PM +0200, Hanno Böck wrote:
> On Sun, 2 Apr 2023 19:23:44 +0200
> Greg KH <gregkh@linuxfoundation.org> wrote:
>
> > > Do you have other proposals how to fix this issue? One could
> > > introduce an option like for TIOCSTI that allows disabling
> > > selection features by default.
> >
> > What exact issue are you trying to fix here?
>
> The fact that the selection features of TIOCLINUX can be used for
> privilege escalation.

Only if you had root permissions already, and then go to try to run
something using su or sudo as someone with less permission, right?
And as you already had permissions before, it's not really an
escalation, or am I missing something?

> I already mentioned this in the original patch description, but I think
> the minitty.c example here illustrates this well:
> https://www.openwall.com/lists/oss-security/2023/03/14/3
>
> Compile it, do
> sudo -u [anynonprivilegeduser] ./minitty
>
> It'll execute shell code with root permission.

That doesn't work if you run it from a user without root permissions to
start with, right?

thanks,

greg k-h