| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ee3ec63269b43b34e1c90dd8c9743bf8@finder.org> Date: Fri, 29 Nov 2024 11:33:31 -0800 From: Jared Finder <jared@...der.org> To: linux-hardening@...r.kernel.org Subject: GPM & Emacs broken in Linux 6.7 -- ok to relax check? The change to restrict access to TIOCLINUX that was added in Linux 6.7 breaks Emacs rendering of the mouse pointer. This change was previous discussed in https://lwn.net/ml/kernel-hardening/20230402160815.74760f87.hanno@hboeck.de/. An associated Emacs bug report, bug #74220, is discussed at https://lists.gnu.org/archive/html/bug-gnu-emacs/2024-11/msg00275.html. I wanted to ask if it made sense for the restriction to not apply to the following three selection modes for TIOCL_SETSEL: TIOCL_SELPOINTER 3 /* show the pointer */ TIOCL_SELCLEAR 4 /* clear visibility of selection */ TIOCL_SELMOUSEREPORT 16 /* report beginning of selection */ On a glance over the selection code, none of these interact with vc_sel.buffer and therefore are unrelated to the exploit linked in the original report. Only SELPOINTER is necessary to be available to fix Emacs bug #74220. I imagine such a change would involve moving the capability check from tioclinux(), case TIOCL_SETSEL to inside vc_do_selection(). Note: This is my first time emailing a Linux kernel mailing list, so please let me know if there's any additional conventions I should be following here. Thank you for your time. -- MJF
Powered by blists - more mailing lists