[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <56be248f-9063-1322-7b1e-83bc59414be8@leventepolyak.net>
Date: Wed, 1 Jun 2022 21:03:11 +0200
From: Levente Polyak <levente@...entepolyak.net>
To: Yann Droneaud <ydroneaud@...eya.com>,
Simon Brand <simon.brand@...tadigitale.de>,
kernelnewbies@...nelnewbies.org, linux-hardening@...r.kernel.org,
kernel-hardening@...ts.openwall.com
Subject: Re: Possibility of merge of disable icotl TIOCSTI patch
On 6/1/22 17:41, Yann Droneaud wrote:
>> I would provide a patch which leaves the current behavior as default,
>> but TIOCSTI can be disabled via Kconfig or cmdline switch.
>> Is there any chance this will get merged in 2022, since past
>> attempts failed?
>>
Small side note:
A complete version of Matt's initial patch has lived on in
linux-hardened [0][1] with the `SECURITY_TIOCSTI_RESTRICT` Kconfig
(default no) and a `tiocsti_restrict` sysctl.
If a re-attempt is feasible, both patchs [0][1] could potentially be
re-proposed as is.
In linux-hardened we have an independent patch [2] which simply sets the
default value of `SECURITY_TIOCSTI_RESTRICT` to `yes`, but that most
likely is not desired.
cheers,
Levente
[0]
https://github.com/anthraxx/linux-hardened/commit/d0e49deb1a39dc64e7c7db3340579cfc9ab1e0df
[1]
https://github.com/anthraxx/linux-hardened/commit/ea8f20602a993c90125bf08da39894f01166dc73
[2]
https://github.com/anthraxx/linux-hardened/commit/238551f7b6a138d6f9ba0d55fe70cf6ddc237f47
Powered by blists - more mailing lists