Date: Tue, 30 May 2017 14:57:17 -0400 From: Matt Brown <matt@...tt.com> To: Nick Kralevich <nnk@...gle.com>, Stephen Smalley <sds@...ho.nsa.gov> Cc: Alan Cox <gnomes@...rguk.ukuu.org.uk>, Casey Schaufler <casey@...aufler-ca.com>, Boris Lukashev <blukashev@...pervictus.com>, Greg KH <gregkh@...uxfoundation.org>, "Serge E. Hallyn" <serge@...lyn.com>, Kees Cook <keescook@...omium.org>, kernel-hardening@...ts.openwall.com, linux-security-module <linux-security-module@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: Re: [PATCH v7 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN On 5/30/17 2:44 PM, Nick Kralevich wrote: > On Tue, May 30, 2017 at 11:32 AM, Stephen Smalley <sds@...ho.nsa.gov> wrote: >>> Seccomp requires the program in question to "opt-in" so to speak and >>> set >>> certain restrictions on itself. However as you state above, any >>> TIOCSTI >>> protection doesn't matter if the program correctly allocates a >>> tty/pty pair. >>> This protections seeks to protect users from programs that don't do >>> things >>> correctly. Rather than killing bugs, this feature attempts to kill an >>> entire >>> bug class that shows little sign of slowing down in the world of >>> containers and >>> sandboxes. >> >> Just FYI, you can also restrict TIOCSTI (or any other ioctl command) >> via SELinux ioctl whitelisting, and Android is using that feature to >> restrict TIOCSTI usage in Android O (at least based on the developer >> previews to date, also in AOSP master). > > For reference, this is https://android-review.googlesource.com/306278 > , where we moved to a whitelist for handling ioctls for ptys. > > -- Nick > Thanks, I didn't know that android was doing this. I still think this feature is worthwhile for people to be able to harden their systems against this attack vector without having to implement a MAC. Matt
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.