oss-sec mailing list archives
Re: TTY pushback vulnerabilities / TIOCSTI
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 24 Mar 2023 19:56:50 +0100
Here's a proposed patch to restrict access to the dangerous functionality. Waiting a few days for feedback here and will then try to send it to the appropriate kernel lists. ------------------ Restrict access to TIOCLINUX selection functions These functions can be used for privilege escalation when code is executed with tools like su/sudo. Signed-off-by: Hanno Böck <hanno () hboeck de> --- drivers/tty/vt/vt.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index 3c2ea9c09..367117310 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -3146,10 +3146,14 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) switch (type) { case TIOCL_SETSEL: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ret = set_selection_user((struct tiocl_selection __user *)(p+1), tty); break; case TIOCL_PASTESEL: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ret = paste_selection(tty); break; case TIOCL_UNBLANKSCREEN: @@ -3158,6 +3162,8 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) console_unlock(); break; case TIOCL_SELLOADLUT: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; console_lock(); ret = sel_loadlut(p); console_unlock(); -- 2.40.0 -- Hanno Böck https://hboeck.de/
Current thread:
- TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 19)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 21)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 24)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 17)
- Re: TTY pushback vulnerabilities / TIOCSTI Jakub Wilk (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Lyndon Nerenberg (VE7TFX/VE6BBM) (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Christos Zoulas (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Eric Ashley (Mar 18)
- Re: TTY pushback vulnerabilities / TIOCSTI Hanno Böck (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Peter Bex (Mar 14)
- Re: TTY pushback vulnerabilities / TIOCSTI Fabian Keil (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Dave Horsfall (Mar 15)
- Re: TTY pushback vulnerabilities / TIOCSTI Casper Dik (Mar 15)