From: Greg KH <gregkh@linuxfoundation.org>
To: quic_zijuhu <quic_zijuhu@quicinc.com>
Cc: jirislaby@kernel.org, linux-serial@vger.kernel.org
Subject: Re: [PATCH v1] tty: Fix a security issue related to tty-ldisc module loading
Date: Fri, 15 Dec 2023 11:38:32 +0100
Message-ID: <2023121514-likely-sequester-050b@gregkh>
In-Reply-To: <38ca1fa8-5631-4511-8962-31c8948e19b8@quicinc.com>

On Fri, Dec 15, 2023 at 05:32:52PM +0800, quic_zijuhu wrote:
> On 12/15/2023 4:43 PM, Greg KH wrote:
> > On Fri, Dec 15, 2023 at 04:28:53PM +0800, Zijun Hu wrote:
> >> Function tty_ldisc_get() has a simple logical error and may cause tty-ldisc
> >> module to be loaded by a user without CAP_SYS_MODULE, this security issue
> >> is fixed by correcting the logical error.
> >
> > What specific security issue are you referring to here?
> module tty-ldisc is able to be loaded by a user who doesn't have relevant permission CAP_SYS_MODULE to load module.

Yes, that is as-intended, why are you trying to break existing
functionality that has been present for forever?

> current logic is weird and it confuses me as a tty driver beginner since the intuitive checking is shown by my change.

It might be confusing, but it is correct. You have to justify changing
existing functionality a lot, especially for user-visible stuff like
this.

And to say it is a "security issue" is not correct, it is this way by
design, please work to understand history before attempting to change it
for no documented reason. Did you read the config option that helps
control this functionality? Did the help text there not explain it
properly? If so, please provide additional documentation where needed.

I suggest working with others at your company that have more experience
before submitting changes like this in the future, as they should be
able to help you out better instead of relying on the community to do
so.

thanks,

greg k-h