On Tue, Dec 03, 2024 at 02:53:27PM +0100, Günther Noack wrote: > Hanno, you are the original author of this patch and you have done a more > detailed analysis on the TIOCLINUX problems than me -- do you agree that this > weakened check would still be sufficient to protect against the TIOCLINUX > problems? (Or in other words, if we permitted TIOCL_SELPOINTER, > TIOCL_SELCLEAR > and TIOCL_SELMOUSEREPORT for non-CAP_SYS_ADMIN processes, would you still see > a > way to misuse that functionality?)
P.S.: For reference, some more detailed reasoning why I think that that proposal would be OK: It would protect at least against the "minittyjack.c" example that was attached to https://www.openwall.com/lists/oss-security/2023/03/14/3 The trick used there was: * ioctl() with TIOCLINUX with TIOCL_SETSEL with TIOCL_SELLINE, to make a selection (a.k.a. changing the contents of vc_sel) * ioctl() with TIOCLINUX and TIOCL_PASTESEL to paste the selection. (The implementation for that is in selection.c/paste_selection() and is just copying from vc_sel.) So as long as we are protecting the change to vc_sel, that should be OK in my mind. —Günther
