Re: [PATCH v3 0/1] Restrict access to TIOCLINUX

["Günther Noack" <gnoack@google.com>]

Hello Samuel!

On Mon, Aug 28, 2023 at 06:45:21PM +0200, Samuel Thibault wrote:
> Günther Noack, le lun. 28 août 2023 18:41:16 +0200, a ecrit:
> BRLTTY also uses it. It is also admin, so your change is fine :)
> 
> FI, https://codesearch.debian.net/ is a very convenient tool to check
> what FOSS might be using something.

Thanks, that is an excellent pointer!

Let me update the list of known usages then: The TIOCL_SETSEL, TIOCL_PASTESEL
and TIOCL_SELLOADLUT mentions found on codesearch.debian.net are:

(1) Actual invocations:

 * consolation:
     "consolation" is a gpm clone, which also runs as root.
     (I have not had the chance to test this one yet.)
 * BRLTTY:
     Uses TIOCL_SETSEL as a means to highlight portions of the screen.
     The TIOCSTI patch made BRLTTY work by requiring CAP_SYS_ADMIN,
     so we know that BRLTTY has that capability (it runs as root and
     does not drop it).

(2) Some irrelevant matches:

 * snapd: has a unit test mentioning it, to test their seccomp filters
 * libexplain: mentions it, but does not call it (it's a library for
   human-readably decoding system calls)
 * manpages: documentation


*Outside* of codesearch.debian.org:

 * gpm:
     I've verified that this works with the patch.
     (To my surprise, Debian does not index this project's code.)

FWIW, I also briefly looked into "jamd" (https://jamd.sourceforge.net/), which
was mentioned as similar in the manpage for "consolation", but that software
does not use any ioctls at all.

So overall, it still seems like nothing should break. 👍

—Günther

-- 
Sent using Mutt 🐕 Woof Woof