Message-ID: <2023101045-stride-auction-1b9e@gregkh>
Date: Tue, 10 Oct 2023 08:17:42 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Günther Noack <gnoack@...gle.com>, Samuel Thibault <samuel.thibault@...-lyon.org>, Hanno Böck <hanno@...eck.de>, kernel-hardening@...ts.openwall.com, Jiri Slaby <jirislaby@...nel.org>, Geert Uytterhoeven <geert@...ux-m68k.org>, Paul Moore <paul@...l-moore.com>, David Laight <David.Laight@...lab.com>, Simon Brand <simon.brand@...tadigitale.de>, Dave Mielke <Dave@...lke.cc>, Mickaël Salaün <mic@...ikod.net>, KP Singh <kpsingh@...gle.com>, Nico Schottelius <nico-gpm2008@...ottelius.org>
Subject: Re: [PATCH v3 0/1] Restrict access to TIOCLINUX

On Mon, Oct 09, 2023 at 01:19:47PM -0700, Kees Cook wrote:
> On Fri, Sep 15, 2023 at 03:32:29PM +0200, Günther Noack wrote:
> > On Tue, Aug 29, 2023 at 03:00:19PM +0200, Günther Noack wrote:
> > > Let me update the list of known usages then: The TIOCL_SETSEL, TIOCL_PASTESEL
> > > and TIOCL_SELLOADLUT mentions found on codesearch.debian.net are:
> > >
> > > (1) Actual invocations:
> > >
> > > * consolation:
> > >   "consolation" is a gpm clone, which also runs as root.
> > >   (I have not had the chance to test this one yet.)
> >
> > I have tested the consolation program with a kernel that has the patch, and it
> > works as expected -- you can copy and paste on the console.
> >
> > >
> > > * BRLTTY:
> > >   Uses TIOCL_SETSEL as a means to highlight portions of the screen.
> > >   The TIOCSTI patch made BRLTTY work by requiring CAP_SYS_ADMIN,
> > >   so we know that BRLTTY has that capability (it runs as root and
> > >   does not drop it).
> > >
> > > (2) Some irrelevant matches:
> > >
> > > * snapd: has a unit test mentioning it, to test their seccomp filters
> > > * libexplain: mentions it, but does not call it (it's a library for
> > >   human-readably decoding system calls)
> > > * manpages: documentation
> > >
> > >
> > > *Outside* of codesearch.debian.org:
> > >
> > > * gpm:
> > >   I've verified that this works with the patch.
> > >   (To my surprise, Debian does not index this project's code.)
> >
> > (As Samuel pointed out, I was wrong there - Debian does index it, but it does
> > not use the #defines from the headers... who would have thought...)
> >
> > >
> > > FWIW, I also briefly looked into "jamd" (https://jamd.sourceforge.net/), which
> > > was mentioned as similar in the manpage for "consolation", but that software
> > > does not use any ioctls at all.
> > >
> > > So overall, it still seems like nothing should break. 👍
> >
> > Summarizing the above - the only three programs which are known to use the
> > affected TIOCLINUX subcommands are:
> >
> > * consolation (tested)
> > * gpm (tested)
> > * BRLTTY (known to work with TIOCSTI, where the same CAP_SYS_ADMIN requirement
> >   is imposed for a while now)
> >
> > I think that this is a safe change for the existing usages and that we have done
> > the due diligence required to turn off these features.
> >
> > Greg, could you please have another look?
>
> Can you spin a v4 with all these details collected into the commit log?
> That should be sufficient information for Greg, I would think.

This is already commit 8d1b43f6a6df ("tty: Restrict access to TIOCLINUX'
copy-and-paste subcommands") in my tty-next tree, and in linux-next.
It's been there for 5 days now :)

thanks,

greg k-h
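The thread above establishes that, with the patch, the TIOCL_SETSEL, TIOCL_PASTESEL and TIOCL_SELLOADLUT subcommands of TIOCLINUX fail with EPERM unless the caller holds CAP_SYS_ADMIN. The following probe is an added example, not code from the thread, the patch or any of the programs discussed; it lets an administrator check whether the kernel they are running enforces that restriction. It sends TIOCL_SETSEL with `sel_mode = TIOCL_SELCLEAR`, which only clears the current console selection, so a permitted call has no other visible effect. The constant values, the `struct tiocl_selection` layout and the "subcommand byte followed by the argument" layout are taken from the kernel's `include/uapi/linux/tiocl.h` and `tioclinux()`; the fallbacks below are only used if that header is not installed on the build host.

```c
/* Probe whether the running kernel restricts TIOCLINUX's copy-and-paste
 * subcommands to CAP_SYS_ADMIN. Added example; not part of the kernel patch.
 * Run from a Linux virtual console (a VT, not a pty or ssh session) as an
 * unprivileged user: exit status 0 means the restriction is in place. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#if defined(__has_include)
#  if __has_include(<linux/tiocl.h>)
#    include <linux/tiocl.h>
#  endif
#endif

/* Fallback values from include/uapi/linux/tiocl.h and asm/ioctls.h, used only
 * when the uapi header is unavailable. */
#ifndef TIOCLINUX
#define TIOCLINUX 0x541C
#endif
#ifndef TIOCL_SETSEL
#define TIOCL_SETSEL 2
#define TIOCL_SELCLEAR 4
struct tiocl_selection {
    unsigned short xs, ys, xe, ye;
    unsigned short sel_mode;
};
#endif

enum probe_result {
    PROBE_RESTRICTED,   /* EPERM: kernel requires CAP_SYS_ADMIN and we lack it */
    PROBE_ALLOWED,      /* call succeeded: unpatched kernel, or we hold CAP_SYS_ADMIN */
    PROBE_NOT_CONSOLE,  /* fd is not a Linux virtual console; nothing learned */
    PROBE_ERROR         /* some other failure */
};

/* Map the ioctl return value and errno to a verdict. Kept separate from the
 * syscall so the decision logic can be unit-tested without a console. */
enum probe_result classify(int rc, int err)
{
    if (rc == 0)
        return PROBE_ALLOWED;
    if (err == EPERM)
        return PROBE_RESTRICTED;
    if (err == ENOTTY || err == EINVAL)
        return PROBE_NOT_CONSOLE;
    return PROBE_ERROR;
}

const char *describe(enum probe_result r)
{
    switch (r) {
    case PROBE_RESTRICTED:  return "restricted: TIOCL_SETSEL needs CAP_SYS_ADMIN";
    case PROBE_ALLOWED:     return "allowed: unpatched kernel or caller has CAP_SYS_ADMIN";
    case PROBE_NOT_CONSOLE: return "not a virtual console: rerun on a VT such as /dev/tty1";
    default:                return "unexpected error";
    }
}

/* Issue the probe against an already-open tty file descriptor.
 * tioclinux() also returns EPERM when the fd is not the caller's controlling
 * tty, so main() opens /dev/tty to avoid that false positive. */
enum probe_result probe_setsel(int fd)
{
    /* The kernel reads the subcommand from the first byte and the selection
     * argument immediately after it (p+1), hence the packed layout. */
    struct __attribute__((packed)) {
        char subcode;
        struct tiocl_selection sel;
    } req;
    memset(&req, 0, sizeof req);
    req.subcode = TIOCL_SETSEL;
    req.sel.sel_mode = TIOCL_SELCLEAR;

    int rc = ioctl(fd, TIOCLINUX, &req);
    return classify(rc, rc == 0 ? 0 : errno);
}

int main(void)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0) {
        perror("open /dev/tty");
        return 2;
    }
    enum probe_result r = probe_setsel(fd);
    close(fd);
    printf("%s\n", describe(r));
    return r == PROBE_RESTRICTED ? 0 : 1;
}
```

A result of "allowed" when run as root is expected and tells you nothing about the kernel; the informative run is the unprivileged one on a VT, where a patched kernel reports "restricted". The same probe can be dropped into a hardening regression suite that also covers TIOCSTI, since both now hinge on the same CAP_SYS_ADMIN check.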