The change to restrict access to TIOCLINUX that was added in Linux 6.7
breaks Emacs rendering of the mouse pointer. This change was previously
discussed in
https://lwn.net/ml/kernel-hardening/[email protected]/.
An associated Emacs bug report, bug #74220, is discussed at
https://lists.gnu.org/archive/html/bug-gnu-emacs/2024-11/msg00275.html.
I wanted to ask if it made sense for the restriction to not apply to the
following three selection modes for TIOCL_SETSEL:

    TIOCL_SELPOINTER      3   /* show the pointer */
    TIOCL_SELCLEAR        4   /* clear visibility of selection */
    TIOCL_SELMOUSEREPORT  16  /* report beginning of selection */

On a glance over the selection code, none of these interact with
vc_sel.buffer and therefore are unrelated to the exploit linked in the
original report. Only SELPOINTER is necessary to be available to fix
Emacs bug #74220. I imagine such a change would involve moving the
capability check from tioclinux(), case TIOCL_SETSEL to inside
vc_do_selection().
Note: This is my first time emailing a Linux kernel mailing list, so
please let me know if there are any additional conventions I should be
following here.
Thank you for your time.
-- MJF
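
An added illustration, not part of the original message and not kernel or Emacs code: the userspace TIOCL_SETSEL request with sel_mode TIOCL_SELPOINTER that the message is about, returning the errno a console client sees when the capability check rejects it. The value of TIOCL_SETSEL, the request layout and the 1-based coordinates are not from the message, and the helper names are hypothetical.

```c
/* Added example: userspace sketch, not kernel or Emacs code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#ifndef TIOCLINUX
#define TIOCLINUX 0x541C              /* Linux console ioctl number */
#endif
#define TIOCL_SETSEL          2       /* TIOCLINUX subcode (not in the message) */
#define TIOCL_SELPOINTER      3       /* show the pointer */
#define TIOCL_SELCLEAR        4       /* clear visibility of selection */
#define TIOCL_SELMOUSEREPORT 16       /* report beginning of selection */

/* Request: one subcode byte, then xs, ys, xe, ye, sel_mode as unsigned shorts. */
#define SETSEL_LEN (1 + 5 * sizeof(unsigned short))

static void build_setsel(unsigned char *out, unsigned short xs, unsigned short ys,
                         unsigned short xe, unsigned short ye, unsigned short mode)
{
    unsigned short f[5] = { xs, ys, xe, ye, mode };
    out[0] = TIOCL_SETSEL;
    memcpy(out + 1, f, sizeof f);     /* fields start at offset 1, unaligned */
}

/* Modes the message proposes to exempt (hypothetical helper modelling the proposal). */
static int exempt_under_proposal(unsigned short mode)
{
    return mode == TIOCL_SELPOINTER || mode == TIOCL_SELCLEAR ||
           mode == TIOCL_SELMOUSEREPORT;
}

/* Ask the console to draw the pointer at 1-based (col,row); returns 0 or errno. */
static int show_pointer(int fd, unsigned short col, unsigned short row)
{
    unsigned char req[SETSEL_LEN];
    build_setsel(req, col, row, col, row, TIOCL_SELPOINTER);
    return ioctl(fd, TIOCLINUX, req) == 0 ? 0 : errno;
}

int main(void)
{
    int fd = open("/dev/tty", O_RDWR);
    int err = show_pointer(fd, 1, 1);
    printf("TIOCL_SELPOINTER: %s (exempt under proposal: %d)\n",
           err ? strerror(err) : "ok", exempt_under_proposal(TIOCL_SELPOINTER));
    if (fd >= 0) close(fd);
    return err == EPERM;              /* EPERM = rejected by the capability check */
}
```

Run from a Linux virtual console as an unprivileged user; on a terminal emulator or over SSH the ioctl fails for a different reason, because the descriptor is not a virtual console.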