Date: Wed, 1 Jun 2022 21:03:11 +0200 From: Levente Polyak <levente@...entepolyak.net> To: Yann Droneaud <ydroneaud@...eya.com>, Simon Brand <simon.brand@...tadigitale.de>, kernelnewbies@...nelnewbies.org, linux-hardening@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: Possibility of merge of disable icotl TIOCSTI patch On 6/1/22 17:41, Yann Droneaud wrote: >> I would provide a patch which leaves the current behavior as default, >> but TIOCSTI can be disabled via Kconfig or cmdline switch. >> Is there any chance this will get merged in 2022, since past >> attempts failed? >> Small side note: A complete version of Matt's initial patch has lived on in linux-hardened  with the `SECURITY_TIOCSTI_RESTRICT` Kconfig (default no) and a `tiocsti_restrict` sysctl. If a re-attempt is feasible, both patchs  could potentially be re-proposed as is. In linux-hardened we have an independent patch  which simply sets the default value of `SECURITY_TIOCSTI_RESTRICT` to `yes`, but that most likely is not desired. cheers, Levente  https://github.com/anthraxx/linux-hardened/commit/d0e49deb1a39dc64e7c7db3340579cfc9ab1e0df  https://github.com/anthraxx/linux-hardened/commit/ea8f20602a993c90125bf08da39894f01166dc73  https://github.com/anthraxx/linux-hardened/commit/238551f7b6a138d6f9ba0d55fe70cf6ddc237f47
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.