Date: Tue, 24 May 2022 11:10:26 +0000
From: Simon Brand
To: kernelnewbies@kernelnewbies.org
Subject: Possibility of merge of disable ioctl TIOCSTI patch

Hi,

in the past there have been attempts to restrict the TIOCSTI ioctl. [0, 1]
None of them are present in the current kernel.
Since those tries there have been some security issues (sandbox escapes in flatpak (CVE-2019-10063) [2] and snap (CVE-2019-7303) [3], runuser [4], su [5]).

I would provide a patch which leaves the current behavior as default, but TIOCSTI can be disabled via Kconfig or cmdline switch.
Is there any chance this will get merged in 2022, since past attempts failed?

Escapes can be reproduced easily (on Arch Linux) via a Python script:

```
import fcntl
import termios

with open("/dev/tty", "w") as fd:
    # TIOCSTI pushes each character into the terminal's input queue
    for c in "id\n":
        fcntl.ioctl(fd, termios.TIOCSTI, c)
```

Now run as root:

```
# su user
$ python3 /path/to/script.py ; exit
uid=0(root) ...
```

Best,
Simon

[0] https://lkml.kernel.org/lkml/CAG48ez1NBnrsPnHN6D9nbOJP6+Q6zEV9vfx9q7ME4Eti-vRmhQ@mail.gmail.com/T/
[1] https://lkml.kernel.org/lkml/20170420174100.GA16822@mail.hallyn.com/T/
[2] https://github.com/flatpak/flatpak/issues/2782
[3] https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapIoctlTIOCSTI
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843
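
A detection-side complement to the report above, added here as an example and not part of the original mail: it scans auditd SYSCALL records for ioctl() calls whose request is TIOCSTI. The sample records are constructed, the function names are hypothetical, and the arch-to-syscall table and the value 0x5412 are assumptions that hold for x86_64 and aarch64.

```python
import re

TIOCSTI = 0x5412  # asm-generic value (x86_64, aarch64); a few architectures differ
IOCTL_NR = {"c000003e": "16", "c00000b7": "29"}  # audit arch -> ioctl syscall number
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records in auditd SYSCALL format (a0..a3 are hex without 0x).
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1653390626.101:410): arch=c000003e syscall=16 success=yes '
    'exit=0 a0=3 a1=5401 a2=7ffc1a2b3c40 a3=0 pid=2210 uid=1000 tty=pts0 '
    'comm="bash" exe="/usr/bin/bash"',
    'type=SYSCALL msg=audit(1653390626.204:411): arch=c000003e syscall=16 success=yes '
    'exit=0 a0=3 a1=5412 a2=7ffc1a2b3c50 a3=0 pid=2231 uid=1000 tty=pts1 '
    'comm="python3" exe="/usr/bin/python3.10"',
    'type=SYSCALL msg=audit(1653390627.310:412): arch=c000003e syscall=16 success=yes '
    'exit=0 a0=0 a1=100005412 a2=7ffd00aa1100 a3=0 pid=2302 uid=1001 tty=pts2 '
    'comm="sandboxed-app" exe="/app/bin/sandboxed-app"',
    'type=SYSCALL msg=audit(1653390628.001:413): arch=c000003e syscall=1 success=yes '
    'exit=4 a0=1 a1=5412 a2=4 a3=0 pid=2303 uid=1000 tty=pts0 '
    'comm="cat" exe="/usr/bin/cat"',
]

def parse_record(line):
    """Split one audit record into a dict of key -> value (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def is_tiocsti(rec):
    """True if the record is an ioctl() syscall whose request is TIOCSTI."""
    if rec.get("type") != "SYSCALL":
        return False
    nr = IOCTL_NR.get(rec.get("arch"))
    if nr is None or rec.get("syscall") != nr:
        return False
    # The kernel treats the ioctl request as a 32-bit value, so only the
    # low 32 bits of the logged register a1 are compared.
    return (int(rec.get("a1", "0"), 16) & 0xFFFFFFFF) == TIOCSTI

def find_tiocsti(lines):
    """Return the identifying fields of every TIOCSTI call in the given records."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if is_tiocsti(rec):
            hits.append({k: rec.get(k) for k in ("pid", "uid", "tty", "comm", "exe")})
    return hits

if __name__ == "__main__":
    for hit in find_tiocsti(SAMPLE_LOG):
        print(hit)
```

It assumes the audit subsystem is already logging ioctl() syscalls; without such a rule no SYSCALL records exist to scan.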