From: Greg KH <gregkh@linuxfoundation.org>
To: Kees Cook <keescook@chromium.org>
Cc: "Günther Noack" <gnoack@google.com>,
"Samuel Thibault" <samuel.thibault@ens-lyon.org>,
"Hanno Böck" <hanno@hboeck.de>,
kernel-hardening@lists.openwall.com,
"Jiri Slaby" <jirislaby@kernel.org>,
"Geert Uytterhoeven" <geert@linux-m68k.org>,
"Paul Moore" <paul@paul-moore.com>,
"David Laight" <David.Laight@aculab.com>,
"Simon Brand" <simon.brand@postadigitale.de>,
"Dave Mielke" <Dave@mielke.cc>,
"Mickaël Salaün" <mic@digikod.net>,
"KP Singh" <kpsingh@google.com>,
"Nico Schottelius" <nico-gpm2008@schottelius.org>
Subject: Re: [PATCH v3 0/1] Restrict access to TIOCLINUX
Date: Tue, 10 Oct 2023 08:17:42 +0200
Message-ID: <2023101045-stride-auction-1b9e@gregkh>
In-Reply-To: <202310091319.F1D49BC30B@keescook>
On Mon, Oct 09, 2023 at 01:19:47PM -0700, Kees Cook wrote:
> On Fri, Sep 15, 2023 at 03:32:29PM +0200, Günther Noack wrote:
> > On Tue, Aug 29, 2023 at 03:00:19PM +0200, Günther Noack wrote:
> > > Let me update the list of known usages then: The TIOCL_SETSEL, TIOCL_PASTESEL
> > > and TIOCL_SELLOADLUT mentions found on codesearch.debian.net are:
> > >
> > > (1) Actual invocations:
> > >
> > > * consolation:
> > > "consolation" is a gpm clone, which also runs as root.
> > > (I have not had the chance to test this one yet.)
> >
> > I have tested the consolation program with a kernel that has the patch, and it
> > works as expected -- you can copy and paste on the console.
> >
> >
> > > * BRLTTY:
> > > Uses TIOCL_SETSEL as a means to highlight portions of the screen.
> > > The TIOCSTI patch made BRLTTY work by requiring CAP_SYS_ADMIN,
> > > so we know that BRLTTY has that capability (it runs as root and
> > > does not drop it).
> > >
> > > (2) Some irrelevant matches:
> > >
> > > * snapd: has a unit test mentioning it, to test their seccomp filters
> > > * libexplain: mentions it, but does not call it (it's a library for
> > > human-readably decoding system calls)
> > > * manpages: documentation
> > >
> > >
> > > *Outside* of codesearch.debian.org:
> > >
> > > * gpm:
> > > I've verified that this works with the patch.
> > > (To my surprise, Debian does not index this project's code.)
> >
> > (As Samuel pointed out, I was wrong there - Debian does index it, but it does
> > not use the #defines from the headers... who would have thought...)
> >
> >
> > > FWIW, I also briefly looked into "jamd" (https://jamd.sourceforge.net/), which
> > > was mentioned as similar in the manpage for "consolation", but that software
> > > does not use any ioctls at all.
> > >
> > > So overall, it still seems like nothing should break. 👍
> >
> > Summarizing the above - the only three programs which are known to use the
> > affected TIOCLINUX subcommands are:
> >
> > * consolation (tested)
> > * gpm (tested)
> > * BRLTTY (known to work with TIOCSTI, where the same CAP_SYS_ADMIN requirement
> > has been imposed for a while now)
> >
> > I think that this is a safe change for the existing usages and that we have done
> > the due diligence required to turn off these features.
> >
> > Greg, could you please have another look?
>
> Can you spin a v4 with all these details collected into the commit log?
> That should be sufficient information for Greg, I would think.
This is already commit 8d1b43f6a6df ("tty: Restrict access to TIOCLINUX'
copy-and-paste subcommands") in my tty-next tree, and in linux-next.
It's been there for 5 days now :)

thanks,

greg k-h
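As an added example, not code from the thread or from the kernel tree: a small probe an administrator can use to check whether the running kernel enforces the CAP_SYS_ADMIN requirement on TIOCLINUX's selection subcommands that the thread discusses. It assumes it is run by an unprivileged user from a shell on a Linux virtual console, so that /dev/tty is that VT; the function name probe_tiocl_restriction is hypothetical.

```c
/* Added example, not from the thread or the kernel tree: probe whether the
 * running kernel applies the CAP_SYS_ADMIN check to TIOCLINUX's selection
 * subcommands. Run unprivileged on a Linux VT; "/dev/tty" is assumed to be it. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/tiocl.h>

enum tiocl_probe {
    TIOCL_PROBE_NO_CONSOLE = -1, /* not a VT, or could not be opened */
    TIOCL_PROBE_ALLOWED = 0,     /* subcommand accepted: unrestricted kernel */
    TIOCL_PROBE_RESTRICTED = 1,  /* EPERM: CAP_SYS_ADMIN check is in place */
};

enum tiocl_probe probe_tiocl_restriction(const char *dev)
{
    int fd = open(dev, O_RDWR | O_NOCTTY);
    if (fd < 0)
        return TIOCL_PROBE_NO_CONSOLE;

    /* TIOCLINUX takes a one-byte subcommand followed by its payload.
     * TIOCL_GETFGCONSOLE is unprivileged and only answers on a VT. */
    unsigned char sub = TIOCL_GETFGCONSOLE;
    if (ioctl(fd, TIOCLINUX, &sub) < 0) {
        close(fd);
        return TIOCL_PROBE_NO_CONSOLE;
    }

    /* TIOCL_SETSEL with sel_mode TIOCL_SELCLEAR only clears the selection,
     * so an unrestricted kernel does nothing harmful; a restricted one
     * returns EPERM before it looks at the payload. */
    struct tiocl_selection sel = { .sel_mode = TIOCL_SELCLEAR };
    unsigned char buf[1 + sizeof(sel)];
    buf[0] = TIOCL_SETSEL;
    memcpy(buf + 1, &sel, sizeof(sel));
    int ret = ioctl(fd, TIOCLINUX, buf);
    int err = errno;
    close(fd);

    if (ret == 0)
        return TIOCL_PROBE_ALLOWED;
    return err == EPERM ? TIOCL_PROBE_RESTRICTED : TIOCL_PROBE_NO_CONSOLE;
}

int main(void)
{
    return probe_tiocl_restriction("/dev/tty") == TIOCL_PROBE_RESTRICTED ? 0 : 1;
}
```

Exit status 0 means the kernel rejected the selection subcommand for this user; running it as root reports "allowed" by design, since root holds CAP_SYS_ADMIN.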
Thread overview (13+ messages):
2023-08-28 16:41 [PATCH v3 0/1] Restrict access to TIOCLINUX Günther Noack
2023-08-28 16:41 ` [PATCH v3 1/1] tty: Restrict access to TIOCLINUX' copy-and-paste subcommands Günther Noack
2023-08-28 18:43 ` Mickaël Salaün
2023-08-28 18:48 ` Greg KH
2023-08-28 16:45 ` [PATCH v3 0/1] Restrict access to TIOCLINUX Samuel Thibault
2023-08-29 13:00 ` Günther Noack
2023-08-30 0:36 ` Samuel Thibault
2023-09-15 13:32 ` Günther Noack
2023-10-09 20:19 ` Kees Cook
2023-10-10 6:17 ` Greg KH [this message]
2023-10-10 22:23 ` Kees Cook
2023-10-11 6:22 ` Greg KH
2023-10-11 15:49 ` sending commit notification to patch thread (was "Re: [PATCH v3 0/1] Restrict access to TIOCLINUX") Kees Cook