lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 17 May 2017 17:41:13 +0100
From:   Alan Cox <gnomes@...rguk.ukuu.org.uk>
To:     Kees Cook <keescook@...omium.org>
Cc:     Matt Brown <matt@...tt.com>, Peter Dolding <oiaohm@...il.com>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Jiri Slaby <jslaby@...e.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Jann Horn <jannh@...gle.com>, James Morris <jmorris@...ei.org>,
        "kernel-hardening@...ts.openwall.com" 
        <kernel-hardening@...ts.openwall.com>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v6 0/2] security: tty: make TIOCSTI ioctl require
 CAP_SYS_ADMIN

> If we're adjusting applications, they should be made to avoid TIOSCTI
> completely. This looks to me a lot like the symlink restrictions: yes,
> userspace should be fixed to the do the right thing, but why not
> provide support to userspace to avoid the problem entirely?

We do it's called pty/tty. There isn't any other way to do this correctly
because TIOCSTI is just one hundreds of things the attacker can do to
make your life miserable in the case you create a child process of lower
security privilege and give it your tty file handle or worse (like some
container crapware) your X11 socket fd.

Does it really matter any more or less if I reprogram your enter key, use
TIOCSTI, set the baud rate, change all your fonts ?

The mainstream tools like sudo get this right (*). Blocking TIOCSTI fixes
nothing and breaks apps. If it magically fixed the problem it might make
sense but it doesn't. You actually have to get an adult to write the
relevant code.

Alan
(*) Almost. There's an old world trick of sending "+++" "ATE1" "rm -rf
*\r\n" to try and attack improperly configured remote modem sessions but
the stuff that matters is handled.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ