From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27266EB64D9 for ; Tue, 27 Jun 2023 21:50:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229719AbjF0Vuc (ORCPT ); Tue, 27 Jun 2023 17:50:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229680AbjF0Vu2 (ORCPT ); Tue, 27 Jun 2023 17:50:28 -0400 Received: from sonata.ens-lyon.org (domu-toccata.ens-lyon.fr [140.77.166.138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5DBDD11D; Tue, 27 Jun 2023 14:50:26 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by sonata.ens-lyon.org (Postfix) with ESMTP id 3550420127; Tue, 27 Jun 2023 23:50:24 +0200 (CEST) Received: from sonata.ens-lyon.org ([127.0.0.1]) by localhost (sonata.ens-lyon.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tqwoBdzOrYAd; Tue, 27 Jun 2023 23:50:24 +0200 (CEST) Received: from begin (unknown [91.151.117.182]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by sonata.ens-lyon.org (Postfix) with ESMTPSA id DF1862011A; Tue, 27 Jun 2023 23:50:23 +0200 (CEST) Received: from samy by begin with local (Exim 4.96) (envelope-from ) id 1qEGZp-008z2f-1W; Tue, 27 Jun 2023 23:50:21 +0200 Date: Tue, 27 Jun 2023 23:50:21 +0200 From: Samuel Thibault To: Kees Cook , Kees Cook , Greg Kroah-Hartman , Jiri Slaby , Simon Brand , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Dave@mielke.cc Subject: Re: [PATCH v3 2/2] tty: Allow TIOCSTI to be disabled Message-ID: <20230627215021.ajwlckics4ssquit@begin> Mail-Followup-To: Samuel Thibault , Kees Cook , Kees Cook , Greg Kroah-Hartman , Jiri Slaby , Simon Brand , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Dave@mielke.cc References: <20221022182828.give.717-kees@kernel.org> <20221022182949.2684794-2-keescook@chromium.org> <20221227234000.jgosvixx7eahqb3z@begin> <20221228205726.rfevry7ud6gmttg5@begin> <20230625155625.s4kvy7m2vw74ow4i@begin> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230625155625.s4kvy7m2vw74ow4i@begin> Organization: I am not organized User-Agent: NeoMutt/20170609 (1.8.3) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Samuel Thibault, le dim. 25 juin 2023 17:56:25 +0200, a ecrit: > Samuel Thibault, le mer. 28 déc. 2022 21:57:26 +0100, a ecrit: > > Can we perhaps just introduce a CAP_TIOCSTI that the brltty daemon would > > be able to use? We could even make it only allow TIOCSTI on the linux > > console (tty->ops == con_ops). > > *Please* comment on this so we can progress. ATM people are > advising each other to set dev.tty.legacy_tiocsti=1, which is just > counter-productive in terms of security... People are even discussing adding that configuration to the brltty package, which e.g. on ubuntu is installed by default, and thus defeating completely the security measure by default... Please do contribute to the discussion so we can fix this. Samuel