[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] TTY pushback vulnerabilities / TIOCSTI
From: Hanno =?iso-8859-1?q?B=F6ck?= <hanno () hboeck ! de>
Date: 2023-03-24 18:56:50
Message-ID: 20230324195650.6785dd20.hanno () hboeck ! de
[Download RAW message or body]
Here's a proposed patch to restrict access to the dangerous
functionality. Waiting a few days for feedback here and will then try
to send it to the appropriate kernel lists.
------------------
Restrict access to TIOCLINUX selection functions
These functions can be used for privilege escalation when code is
executed with tools like su/sudo.
Signed-off-by: Hanno Böck <hanno@hboeck.de>
---
drivers/tty/vt/vt.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 3c2ea9c09..367117310 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -3146,10 +3146,14 @@ int tioclinux(struct tty_struct *tty, unsigned
long arg) switch (type)
{
case TIOCL_SETSEL:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
ret = set_selection_user((struct
tiocl_selection __user *)(p+1), tty);
break;
case TIOCL_PASTESEL:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
ret = paste_selection(tty);
break;
case TIOCL_UNBLANKSCREEN:
@@ -3158,6 +3162,8 @@ int tioclinux(struct tty_struct *tty, unsigned
long arg) console_unlock();
break;
case TIOCL_SELLOADLUT:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
console_lock();
ret = sel_loadlut(p);
console_unlock();
--
2.40.0
--
Hanno Böck
https://hboeck.de/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic