1. Patchew
  2. linux
  3. View series

[PATCH v3 0/2] tty: Allow TIOCSTI to be disabled

Kees Cook posted 2 patches 3 years, 5 months ago 
drivers/tty/Kconfig     | 19 +++++++++++++++++
drivers/tty/tty.h       |  2 +-
drivers/tty/tty_io.c    | 45 +++++++++++++++++++++++++++++++++++++++--
drivers/tty/tty_ldisc.c | 38 +---------------------------------
4 files changed, 64 insertions(+), 40 deletions(-)
[PATCH v3 0/2] tty: Allow TIOCSTI to be disabled
Posted by Kees Cook 3 years, 5 months ago 
Hi,

v3: make sysctl a bool (Jiri)
v2: https://lore.kernel.org/lkml/20221015064222.gonna.435-kees@kernel.org
v1: https://lore.kernel.org/lkml/20221015041352.never.966-kees@kernel.org/

This is so very long over-due. We just need to do this and put an end
to this legacy operation.

Repeating the commit log from patch 2:

    TIOCSTI continues its long history of being used in privilege escalation
    attacks[1]. Prior attempts to provide a mechanism to disable this have
    devolved into discussions around creating full-blown LSMs to provide
    arbitrary ioctl filtering, which is hugely over-engineered -- only
    TIOCSTI is being used this way. 3 years ago OpenBSD entirely removed
    TIOCSTI[2], Android has had it filtered for longer[3], and the tools that
    had historically used TIOCSTI either do not need it, are not commonly
    built with it, or have had its use removed.

    Provide a simple CONFIG and global sysctl to disable this for the system
    builders who have wanted this functionality for literally decades now,
    much like the ldisc_autoload CONFIG and sysctl.

    [1] https://lore.kernel.org/linux-hardening/Y0m9l52AKmw6Yxi1@hostpad
    [2] https://undeadly.org/cgi?action=article;sid=20170701132619
    [3] https://lore.kernel.org/lkml/CAFJ0LnFGRuEEn1tCLhoki8ZyWrKfktbF+rwwN7WzyC_kBFoQVA@mail.gmail.com/

Thanks,

-Kees


Kees Cook (2):
  tty: Move sysctl setup into "core" tty logic
  tty: Allow TIOCSTI to be disabled

 drivers/tty/Kconfig     | 19 +++++++++++++++++
 drivers/tty/tty.h       |  2 +-
 drivers/tty/tty_io.c    | 45 +++++++++++++++++++++++++++++++++++++++--
 drivers/tty/tty_ldisc.c | 38 +---------------------------------
 4 files changed, 64 insertions(+), 40 deletions(-)

-- 
2.34.1
Re: [PATCH v3 0/2] tty: Allow TIOCSTI to be disabled
Posted by Kees Cook 3 years, 5 months ago 
On Sat, Oct 22, 2022 at 11:29:47AM -0700, Kees Cook wrote:
> This is so very long over-due. We just need to do this and put an end
> to this legacy operation.

thread ping. Should I carry this in my hardening tree instead?

-- 
Kees Cook
Re: [PATCH v3 0/2] tty: Allow TIOCSTI to be disabled
Posted by Greg Kroah-Hartman 3 years, 5 months ago 
On Tue, Nov 01, 2022 at 07:15:43PM -0700, Kees Cook wrote:
> On Sat, Oct 22, 2022 at 11:29:47AM -0700, Kees Cook wrote:
> > This is so very long over-due. We just need to do this and put an end
> > to this legacy operation.
> 
> thread ping. Should I carry this in my hardening tree instead?

I can take it in my tree, I have a bunch of tty/serial patches to go
through this week, give me a few more days please.

thanks,

greg k-h
Re: [PATCH v3 0/2] tty: Allow TIOCSTI to be disabled
Posted by Kees Cook 3 years, 5 months ago 
On Wed, Nov 02, 2022 at 03:29:57AM +0100, Greg Kroah-Hartman wrote:
> On Tue, Nov 01, 2022 at 07:15:43PM -0700, Kees Cook wrote:
> > On Sat, Oct 22, 2022 at 11:29:47AM -0700, Kees Cook wrote:
> > > This is so very long over-due. We just need to do this and put an end
> > > to this legacy operation.
> > 
> > thread ping. Should I carry this in my hardening tree instead?
> 
> I can take it in my tree, I have a bunch of tty/serial patches to go
> through this week, give me a few more days please.

Sounds good; thanks for the update!

-- 
Kees Cook

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.