patch "TTY: do not update atime/mtime on read/write" added to tty tree

Fri, 15 Feb 2013 10:53:39 -0800 

This is a note to let you know that I've just added the patch titled

    TTY: do not update atime/mtime on read/write

to my tty git tree which can be found at
    git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git
in the tty-next branch.

The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)

The patch will also be merged in the next major kernel release
during the merge window.

If you have any questions about this process, please let me know.


>From b0de59b5733d18b0d1974a060860a8b5c1b36a2e Mon Sep 17 00:00:00 2001
From: Jiri Slaby <[email protected]>
Date: Fri, 15 Feb 2013 15:25:05 +0100
Subject: TTY: do not update atime/mtime on read/write

On http://vladz.devzero.fr/013_ptmx-timing.php, we can see how to find
out length of a password using timestamps of /dev/ptmx. It is
documented in "Timing Analysis of Keystrokes and Timing Attacks on
SSH". To avoid that problem, do not update time when reading
from/writing to a TTY.

I am afraid of regressions as this is a behavior we have since 0.97
and apps may expect the time to be current, e.g. for monitoring
whether there was a change on the TTY. Now, there is no change. So
this would better have a lot of testing before it goes upstream.

References: CVE-2013-0160

Signed-off-by: Jiri Slaby <[email protected]>
Cc: stable <[email protected]> # after 3.9 is out
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 drivers/tty/tty_io.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 54a254a..8f44d62 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -977,8 +977,7 @@ static ssize_t tty_read(struct file *file, char __user 
*buf, size_t count,
        else
                i = -EIO;
        tty_ldisc_deref(ld);
-       if (i > 0)
-               inode->i_atime = current_fs_time(inode->i_sb);
+
        return i;
 }
 
@@ -1079,11 +1078,8 @@ static inline ssize_t do_tty_write(
                        break;
                cond_resched();
        }
-       if (written) {
-               struct inode *inode = file->f_path.dentry->d_inode;
-               inode->i_mtime = current_fs_time(inode->i_sb);
+       if (written)
                ret = written;
-       }
 out:
        tty_write_unlock(tty);
        return ret;
-- 
1.8.1.rc1.5.g7e0651a


--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to