oss-sec mailing list archives

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution


From: Steffen Nurpmeso <steffen () sdaoden eu>
Date: Tue, 18 Apr 2023 23:27:20 +0200

0xef967c36 () gmail com wrote in
 <5e92a8d676a0ddfb5c426f3412bd7aa6.1ab4a9b2@ignited.turnovers>:
 |On Tue, Apr 18, 2023 at 09:28:22PM +0200, Solar Designer wrote:
 |> On Tue, Apr 18, 2023 at 08:13:24PM +0300, 0xef967c36 () gmail com wrote:
  ...
 |Here is (possibly partial) list of collisions, obtained with uniq -D
 |from src/ioctlent0.h (a file autogenerated when building strace).
 ...

In that case even the FreeBSD rights(4) (capsicum(4)) manual entry

   CAP_IOCTL    Permit ioctl(2).  Be aware that this system call has
                enormous scope, including potentially global scope
                for some objects.  The list of permitted ioctl
                commands can be further limited with the
                cap_ioctls_limit(2) system call.

is toothless.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

