Hello,

On Tue, 3 Dec 2024 14:53:27 +0100
"Günther Noack" <[email protected]> wrote:

> Hanno, you are the original author of this patch and you have done a
> more detailed analysis on the TIOCLINUX problems than me -- do you
> agree that this weakened check would still be sufficient to protect
> against the TIOCLINUX problems?  (Or in other words, if we permitted
> TIOCL_SELPOINTER, TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT for
> non-CAP_SYS_ADMIN processes, would you still see a way to misuse that
> functionality?)

Sorry for the late feedback.

I believe that this is correct, and permitting these functionalities
still preserves the security fix. I also checked with Jakub Wilk, who
was the original author of the exploit.
The patch you posted in the meantime[1] should be fine.

[1] https://lore.kernel.org/linux-hardening/[email protected]/T/#u

-- 
Hanno Böck
https://hboeck.de/
