On Tue, Dec 17, 2024 at 09:47:23AM +0100, Hanno Böck wrote: > Hello, > > On Tue, 3 Dec 2024 14:53:27 +0100 > "Günther Noack" <[email protected]> wrote: > > > Hanno, you are the original author of this patch and you have done a > > more detailed analysis on the TIOCLINUX problems than me -- do you > > agree that this weakened check would still be sufficient to protect > > against the TIOCLINUX problems? (Or in other words, if we permitted > > TIOCL_SELPOINTER, TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT for > > non-CAP_SYS_ADMIN processes, would you still see a way to misuse that > > functionality?) > > Sorry for the late feedback. > > I believe that this is correct, and permitting these functionalities > still preserves the security fix. I also checked with Jakub Wilk, who > was the original author of the exploit. > The patch you posted in the meantime[1] should be fine. > > https://lore.kernel.org/linux-hardening/[email protected]/T/#u
Great, can you test that and if it works for you, provide a tested-by line? thanks, greg k-h
