Follow @Openwall on Twitter for new release announcements and other news
[<prev] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 1 Jun 2022 21:03:11 +0200
From: Levente Polyak <levente@...entepolyak.net>
To: Yann Droneaud <ydroneaud@...eya.com>,
 Simon Brand <simon.brand@...tadigitale.de>, kernelnewbies@...nelnewbies.org,
 linux-hardening@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: Possibility of merge of disable icotl TIOCSTI patch

On 6/1/22 17:41, Yann Droneaud wrote:
>> I would provide a patch which leaves the current behavior as default,
>> but TIOCSTI can be disabled via Kconfig or cmdline switch.
>> Is there any chance this will get merged in 2022, since past
>> attempts failed?
>>

Small side note:

A complete version of Matt's initial patch has lived on in 
linux-hardened [0][1] with the `SECURITY_TIOCSTI_RESTRICT` Kconfig 
(default no) and a `tiocsti_restrict` sysctl.

If a re-attempt is feasible, both patchs [0][1] could potentially be 
re-proposed as is.

In linux-hardened we have an independent patch [2] which simply sets the 
default value of `SECURITY_TIOCSTI_RESTRICT` to `yes`, but that most 
likely is not desired.

cheers,
Levente


[0] 
https://github.com/anthraxx/linux-hardened/commit/d0e49deb1a39dc64e7c7db3340579cfc9ab1e0df
[1] 
https://github.com/anthraxx/linux-hardened/commit/ea8f20602a993c90125bf08da39894f01166dc73
[2] 
https://github.com/anthraxx/linux-hardened/commit/238551f7b6a138d6f9ba0d55fe70cf6ddc237f47

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.