Date: Wed, 19 Apr 2017 20:08:02 -0400 From: Matt Brown <matt@...tt.com> To: James Morris <jmorris@...ei.org> Cc: serge@...lyn.com, gregkh@...uxfoundation.org, jslaby@...e.com, akpm@...ux-foundation.org, jannh@...gle.com, keescook@...omium.org, kernel-hardening@...ts.openwall.com, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN On 04/19/2017 07:18 AM, James Morris wrote: > On Tue, 18 Apr 2017, Matt Brown wrote: > >> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity >> project in-kernel. > > It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes > sense here), and rather than sprinkling these types of things throughout > the kernel, I wonder if it might be better to implement it via LSM, in the > YAMA module. > > CAP_SYS_ADMIN is already used in the TIOCSTI TTY code to allow character insertion into TTYs other than the caller's controlling terminal. This is done because different TTYs indicate a security boundary that should only be able to be crossed by a privileged process. This patch would merely extend this security boundary protection to include unprivileged processes from utilizing a common TTY to step across a security boundary. > > - James >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.