kernel-hardening.lists.openwall.com archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: "Günther Noack" <gnoack@google.com>,
	"Hanno Böck" <hanno@hboeck.de>,
	kernel-hardening@lists.openwall.com,
	"Kees Cook" <keescook@chromium.org>,
	"Jiri Slaby" <jirislaby@kernel.org>,
	"Geert Uytterhoeven" <geert@linux-m68k.org>,
	"Paul Moore" <paul@paul-moore.com>,
	"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
	"David Laight" <David.Laight@aculab.com>,
	"Simon Brand" <simon.brand@postadigitale.de>,
	"Dave Mielke" <Dave@mielke.cc>, "KP Singh" <kpsingh@google.com>,
	"Nico Schottelius" <nico-gpm2008@schottelius.org>
Subject: Re: [PATCH v3 1/1] tty: Restrict access to TIOCLINUX' copy-and-paste subcommands
Date: Mon, 28 Aug 2023 20:48:22 +0200
Message-ID: <2023082829-runner-engaging-20e2@gregkh>
In-Reply-To: <20230828.eGare4bei2ji@digikod.net>

On Mon, Aug 28, 2023 at 08:43:39PM +0200, Mickaël Salaün wrote:
> On Mon, Aug 28, 2023 at 06:41:17PM +0200, Günther Noack wrote:
> > From: Hanno Böck <hanno@hboeck.de>
> > 
> > TIOCLINUX can be used for privilege escalation on virtual terminals when
> > code is executed via tools like su/sudo and sandboxing tools.
> > 
> > By abusing the selection features, a lower-privileged application can
> > write content to the console, select and copy/paste that content and
> > thereby execute code on the privileged account. See also the PoC
> > here:
> > 
> >   https://www.openwall.com/lists/oss-security/2023/03/14/3
> > 
> > Selection is usually used by tools like gpm that provide mouse features
> > on the virtual console. gpm already runs as root (due to earlier
> > changes that restrict access to a user on the current TTY), therefore
> > it will still work with this change.
> > 
> > With this change, the following TIOCLINUX subcommands require
> > CAP_SYS_ADMIN:
> > 
> >  * TIOCL_SETSEL - setting the selected region on the terminal
> >  * TIOCL_PASTESEL - pasting the contents of the selected region into
> >    the input buffer
> >  * TIOCL_SELLOADLUT - changing word-by-word selection behaviour
> > 
> > The security problem mitigated is similar to the security risks caused
> > by TIOCSTI, which, since kernel 6.2, can be disabled with
> > CONFIG_LEGACY_TIOCSTI=n.
> > 
> > Signed-off-by: Hanno Böck <hanno@hboeck.de>
> > Signed-off-by: Günther Noack <gnoack@google.com>
> 
> The SoB rules are tricky, you cannot have a Signed-off-by if you are not
> in the From/Author or Committer or Co-Developed-by fields:
> https://docs.kernel.org/process/submitting-patches.html#when-to-use-acked-by-cc-and-co-developed-by

Not true at all, maintainers add their signed-off-by to everything they
apply, and you HAVE to add it to a patch that flows through you to
someone else, as per the DCO.

> It should be:
> 
> Co-Developed-by: Günther Noack <gnoack@google.com>

Not if this person was not a developer on it, no.

> Signed-off-by: Günther Noack <gnoack@google.com>
> Signed-off-by: Hanno Böck <hanno@hboeck.de>
> 
> > Tested-by: Günther Noack <gnoack@google.com>
> 
> This Tested-by should not be required anymore because of your SoB,
> which should implicitly stipulate that you tested this patch.
> 
> I'm not sure if it's worth sending another version with only this fix
> though, if there is no more issue I guess the maintainer picking it
> could fix it.

As submitted, it is correct.

thanks,

greg k-h
