From: gnomes@lxorguk.ukuu.org.uk (Alan Cox)
To: linux-security-module@vger.kernel.org
Subject: [kernel-hardening] Re: [PATCH v6 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Date: Tue, 30 May 2017 22:52:45 +0100 [thread overview]
Message-ID: <20170530225245.092497be@alans-desktop> (raw)
In-Reply-To: <20170530155235.GA11861@mail.hallyn.com>
> > So tty stuff should under a tty capabilities.
>
> (last reply on this)
>
> Currently capabilities.7 says
>
> * employ the TIOCSTI ioctl(2) to insert characters into the input queue of a
> terminal other than the caller's controlling terminal;
>
> for CAP_SYS_ADMIN.
>
> So you can create a new CAP_SYS_TIOCSSTI if you like, and offer a patch where
> *both* CAP_SYS_ADMIN and CAP_SYS_ADMIN suffice. Again, see CAP_SYSLOG for a
> prior example.
Even then it wouldn't be useful because the attacker can use every other
interface in the tty layer, many of which you can't magic away behind a
capability bit. And the applications would need changing to use the
feature - at which point any theoretical broken apps can instead be fixed
to use a pty/tty pair and actually fix the real problem.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-05-30 21:52 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-05 23:20 [PATCH v6 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN Matt Brown
2017-05-05 23:20 ` [PATCH v6 1/2] security: tty: Add owner user namespace to tty_struct Matt Brown
2017-05-05 23:20 ` [PATCH v6 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN Matt Brown
2017-05-18 13:31 ` Greg KH
2017-05-19 4:51 ` Matt Brown
2017-05-10 20:29 ` [PATCH v6 0/2] " Alan Cox
2017-05-10 21:02 ` [kernel-hardening] " Daniel Micay
2017-05-13 19:52 ` Matt Brown
2017-05-15 20:57 ` Alan Cox
2017-05-15 23:10 ` Peter Dolding
2017-05-16 4:15 ` Matt Brown
2017-05-16 9:01 ` Peter Dolding
2017-05-16 12:22 ` Matt Brown
2017-05-16 14:28 ` Kees Cook
2017-05-16 15:48 ` [kernel-hardening] " Serge E. Hallyn
2017-05-16 22:05 ` Peter Dolding
2017-05-16 21:43 ` Peter Dolding
2017-05-16 21:54 ` Matt Brown
2017-05-17 16:41 ` Alan Cox
2017-05-17 18:25 ` [kernel-hardening] " Daniel Micay
2017-05-18 3:18 ` Kees Cook
2017-05-19 2:48 ` Peter Dolding
2017-05-19 14:33 ` Serge E. Hallyn
2017-05-29 10:42 ` Peter Dolding
2017-05-30 15:52 ` Serge E. Hallyn
2017-05-30 21:52 ` Alan Cox [this message]
2017-05-31 11:27 ` Peter Dolding
2017-05-31 14:36 ` Alan Cox
2017-05-31 15:32 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170530225245.092497be@alans-desktop \
--to=gnomes@lxorguk.ukuu.org.uk \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).