From: Alejandro Colomar <alx@kernel.org>
To: "Günther Noack" <gnoack@google.com>
Cc: "Alejandro Colomar" <alx.manpages@gmail.com>,
linux-man@vger.kernel.org, "Hanno Böck" <hanno@hboeck.de>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] ioctl_console: Document new CAP_SYS_ADMIN restrictions (since Linux 6.7)
Date: Fri, 1 Dec 2023 13:56:41 +0100 [thread overview]
Message-ID: <ZWnYCcuJql0Pm4Yr@debian> (raw)
In-Reply-To: <20231201122645.3237941-1-gnoack@google.com>
[-- Attachment #1: Type: text/plain, Size: 1840 bytes --]
Hi Günther, Greg,
On Fri, Dec 01, 2023 at 01:26:45PM +0100, Günther Noack wrote:
> Since Linux commit 8d1b43f6a6df7bce ("tty: Restrict access to TIOCLINUX'
> copy-and-paste subcommands"), the TIOCL_SETSEL, TIOCL_PASTESEL and
> TIOCL_SELLOADLUT subcommands require CAP_SYS_ADMIN.
>
> Cc: Hanno Böck <hanno@hboeck.de>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Günther Noack <gnoack@google.com>
> ---
> man2/ioctl_console.2 | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/man2/ioctl_console.2 b/man2/ioctl_console.2
> index 684b4d013..abc50b786 100644
> --- a/man2/ioctl_console.2
> +++ b/man2/ioctl_console.2
> @@ -715,12 +715,20 @@ is 0 for character-by-character selection,
> or 2 for line-by-line selection.
> The indicated screen characters are highlighted and saved
> in a kernel buffer.
> +.IP
> +Since Linux 6.7, using this subcode requires the
Are these requirements expected to be backported to stable kernels?
Cheers,
Alex
> +.B CAP_SYS_ADMIN
> +capability.
> .TP
> .BR TIOCLINUX ", " subcode = TIOCL_PASTESEL
> Paste selection.
> The characters in the selection buffer are
> written to
> .IR fd .
> +.IP
> +Since Linux 6.7, using this subcode requires the
> +.B CAP_SYS_ADMIN
> +capability.
> .TP
> .BR TIOCLINUX ", " subcode = TIOCL_UNBLANKSCREEN
> Unblank the screen.
> @@ -729,6 +737,10 @@ Unblank the screen.
> Sets contents of a 256-bit look up table defining characters in a "word",
> for word-by-word selection.
> (Since Linux 1.1.32.)
> +.IP
> +Since Linux 6.7, using this subcode requires the
> +.B CAP_SYS_ADMIN
> +capability.
> .TP
> .BR TIOCLINUX ", " subcode = TIOCL_GETSHIFTSTATE
> .I argp
> --
> 2.43.0.rc2.451.g8631bc7472-goog
>
--
<https://www.alejandro-colomar.es/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2023-12-01 12:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-01 12:26 [PATCH] ioctl_console: Document new CAP_SYS_ADMIN restrictions (since Linux 6.7) Günther Noack
2023-12-01 12:56 ` Alejandro Colomar [this message]
2023-12-01 23:14 ` Greg Kroah-Hartman
2023-12-02 1:08 ` Alejandro Colomar
2023-12-05 6:20 ` Günther Noack
2023-12-21 14:42 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZWnYCcuJql0Pm4Yr@debian \
--to=alx@kernel.org \
--cc=alx.manpages@gmail.com \
--cc=gnoack@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=hanno@hboeck.de \
--cc=linux-man@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.