Date: Thu, 1 Jun 2017 09:12:07 +0200
From: lazytyped <>
Subject: Re: Re: [PATCH v7 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN

On 6/1/17 4:35 AM, Kees Cook wrote:
> I still cannot wrap my head around why providing users with a
> protection is a bad thing. Yes, the other tty games are bad, but this
> fixes a specific and especially bad case that is easy to kill. It's
> got a Kconfig and a sysctl. It's not on by default. This protects the
> common case of privileged ttys that aren't attached to consoles, etc,
> so while the framebuffer thing is an issue, it's not always an issue,
> etc.

There are a couple of reasons for that:

First of all, a protection is extra cost, in terms of maintenance, 
knowledge (a new knob) and compatibility. That extra cost may sound 
minimal, but adds up pretty quickly. If the protection is "easily" 
bypassable (that is, today we use TIOCSTI, tomorrow we use something 
else in the same path), then that extra cost/complexity stays for no 
good reason. Feature creep is a real issue, in security, IMHO - it's not 
a 'number of features' game.

Second, stuff that is delivered off by default tends to rot. I don't 
work on Linux, but generally try really hard to not add something that 
is not ON by default at least for a small number of things. Stuff 
inevitably breaks, and it's extra cost.
To me, a protection that needs to be off by default raises a red flag. 
I know Linux has a somewhat different philosophy (centered around the 
kernel config that each distribution pieces together and ships), so 
mileage probably varies there.

I don't have enough skills to comment about all the possible TTY attacks 
and quirks, but I think I understand where Alan comes from.

Good luck.

          -  Enrico
