All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Günther Noack" <gnoack3000@gmail.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Jared Finder" <jared@finder.org>,
	stable@vger.kernel.org, "Jann Horn" <jannh@google.com>,
	"Hanno Böck" <hanno@hboeck.de>,
	"Jiri Slaby" <jirislaby@kernel.org>,
	"Kees Cook" <kees@kernel.org>
Subject: Re: [PATCH] tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
Date: Fri, 7 Mar 2025 14:55:37 +0100	[thread overview]
Message-ID: <20250307.80ee8ceb5f5b@gnoack.org> (raw)
In-Reply-To: <2025030708-tidal-mothproof-0deb@gregkh>

Hello Greg!

On Fri, Mar 07, 2025 at 12:05:43PM +0100, Greg Kroah-Hartman wrote:
> On Fri, Mar 07, 2025 at 11:16:21AM +0100, Günther Noack wrote:
> > On Sun, Feb 23, 2025 at 09:54:50PM +0100, Günther Noack wrote:
> > > This requirement was overeagerly loosened in commit 2f83e38a095f
> > > ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but as
> > > it turns out,
> > > 
> > >   (1) the logic I implemented there was inconsistent (apologies!),
> > > 
> > >   (2) TIOCL_SELMOUSEREPORT might actually be a small security risk
> > >       after all, and
> > > 
> > >   (3) TIOCL_SELMOUSEREPORT is only meant to be used by the mouse
> > >       daemon (GPM or Consolation), which runs as CAP_SYS_ADMIN
> > >       already.
> > 
> > 
> > Greg and Jared: Friendly ping on this patch.
> 
> I think my bot found a problem with the v2 version so I was waiting for
> a new one to meet the issues there, right?

I made a submission mistake with the previous patch, which your bot
tripped over, but you already merged it into master and stable as
commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without
CAP_SYS_ADMIN"):
https://lore.kernel.org/all/2025011205-spinout-rewrap-2dfa@gregkh/

The patch I am submitting here is a new bugfix on top, for which I am
seeking your approval, since the previous patch is already merged.  (I
should have sent it as a new mail thread, I guess. :-/)

(If that helps, I explained the relationship between these different
patches more visually in the table in
https://lore.kernel.org/all/20250307.9339126c0c96@gnoack.org/.)

Thanks,
–Günther

  reply	other threads:[~2025-03-07 13:55 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-29 19:33 GPM & Emacs broken in Linux 6.7 -- ok to relax check? Jared Finder
2024-11-29 19:50 ` Jann Horn
2024-12-03 13:53   ` Günther Noack
2024-12-03 14:07     ` Günther Noack
2024-12-14  5:13       ` Jared Finder
2024-12-14  7:47         ` Greg Kroah-Hartman
2024-12-16 15:07           ` [PATCH] tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Günther Noack
2024-12-16 15:14             ` Greg Kroah-Hartman
2024-12-16 15:17             ` Greg Kroah-Hartman
2024-12-16 15:42               ` Günther Noack
2024-12-21 11:06                 ` Günther Noack
2024-12-21 11:10                   ` [PATCH v2] " Günther Noack
2024-12-22  8:37                     ` Greg Kroah-Hartman
2025-01-10 14:21                   ` Günther Noack
2025-01-10 16:50                     ` Kees Cook
2025-02-08 15:18                       ` Jared Finder
2025-02-08 15:28                         ` Greg KH
2025-02-08 16:03                           ` Jared Finder
2025-02-09  6:49                             ` Greg KH
2025-02-21  0:10                         ` Günther Noack
2025-02-22 21:07                           ` Jared Finder
2025-02-23 20:54                             ` [PATCH] tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT Günther Noack
2025-03-07 10:16                               ` Günther Noack
2025-03-07 11:05                                 ` Greg Kroah-Hartman
2025-03-07 13:55                                   ` Günther Noack [this message]
2025-03-07 14:31                                     ` Greg Kroah-Hartman
2025-01-12 13:14                     ` [PATCH v2] tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Greg Kroah-Hartman
2024-12-17  9:09             ` [PATCH] " Günther Noack
2024-12-17  8:47     ` GPM & Emacs broken in Linux 6.7 -- ok to relax check? Hanno Böck
2024-12-17  8:49       ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250307.80ee8ceb5f5b@gnoack.org \
    --to=gnoack3000@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hanno@hboeck.de \
    --cc=jannh@google.com \
    --cc=jared@finder.org \
    --cc=jirislaby@kernel.org \
    --cc=kees@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.