Re: [PATCH v6 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN

On 5/18/17 9:31 AM, Greg KH wrote: > On Fri, May 05, 2017 at 07:20:18PM -0400, Matt Brown wrote: >> This introduces the tiocsti_restrict sysctl, whose default is controlled via >> CONFIG_SECURITY_TIOCSTI_RESTRICT. When activated, this control restricts >> all TIOCSTI ioctl calls from non CAP_SYS_AD

Re: [PATCH v6 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN

On Fri, May 05, 2017 at 07:20:18PM -0400, Matt Brown wrote: > This introduces the tiocsti_restrict sysctl, whose default is controlled via > CONFIG_SECURITY_TIOCSTI_RESTRICT. When activated, this control restricts > all TIOCSTI ioctl calls from non CAP_SYS_ADMIN users. > > This patch depends on pa

[PATCH v6 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN

This introduces the tiocsti_restrict sysctl, whose default is controlled via CONFIG_SECURITY_TIOCSTI_RESTRICT. When activated, this control restricts all TIOCSTI ioctl calls from non CAP_SYS_ADMIN users. This patch depends on patch 1/2 This patch was inspired from GRKERNSEC_HARDEN_TTY. This patc