Message-ID: <56be248f-9063-1322-7b1e-83bc59414be8@leventepolyak.net>
Date:   Wed, 1 Jun 2022 21:03:11 +0200
From:   Levente Polyak <levente@...entepolyak.net>
To:     Yann Droneaud <ydroneaud@...eya.com>,
        Simon Brand <simon.brand@...tadigitale.de>,
        kernelnewbies@...nelnewbies.org, linux-hardening@...r.kernel.org,
        kernel-hardening@...ts.openwall.com
Subject: Re: Possibility of merge of disable icotl TIOCSTI patch

On 6/1/22 17:41, Yann Droneaud wrote:
>> I would provide a patch which leaves the current behavior as default,
>> but TIOCSTI can be disabled via Kconfig or cmdline switch.
>> Is there any chance this will get merged in 2022, since past
>> attempts failed?
>>

Small side note:

A complete version of Matt's initial patch has lived on in 
linux-hardened [0][1] with the `SECURITY_TIOCSTI_RESTRICT` Kconfig 
(default no) and a `tiocsti_restrict` sysctl.

If a re-attempt is feasible, both patches [0][1] could potentially be
re-proposed as is.

In linux-hardened we have an independent patch [2] which simply sets the 
default value of `SECURITY_TIOCSTI_RESTRICT` to `yes`, but that most 
likely is not desired.

cheers,
Levente


[0] https://github.com/anthraxx/linux-hardened/commit/d0e49deb1a39dc64e7c7db3340579cfc9ab1e0df
[1] https://github.com/anthraxx/linux-hardened/commit/ea8f20602a993c90125bf08da39894f01166dc73
[2] https://github.com/anthraxx/linux-hardened/commit/238551f7b6a138d6f9ba0d55fe70cf6ddc237f47
