lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Sep 2020 13:39:14 +0200
From:   Pavel Machek <pavel@....cz>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: fbcon scrollback broken was Re: Linux 5.9-rc6

Hi!

> The one thing that does show up in the diffstat is the softscroll
> removal (both fbcon and vgacon), and there are people who want to save
> that, but we'll see if some maintainer steps up. I'm not willing to
> resurrect it in the broken form it was in, so I doubt that will happen
> in 5.9, but we'll see what happens.

Could you... like try not to make the job harder by merging miriad of
"let's kill the documentation" patches?

I needed the feature twice already this month, once during fsck, and
then five minutes ago, when oops scrolled by me during system
shutdown. Unfortunately, shift-pageup was not available to take a look
what is going on there.

Unfortunately, Greg backported your "fix" to all the stable releases,
so resulting damage will not be easy to repair.

For the record, making the security problem unexploitable should be as
simple as patch below.

Unfortunately, Linus' changelog does not exactly tell me what all the
known problems are. Willy Tarreau pointed me to
https://www.openwall.com/lists/oss-security/2020/09/15/2 , which has
some information, but all I can reproduce are transient screen
artefacts. If someone has more detailed information, that would be
helpful.

Best regards,
								Pavel

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 19cd4a4b1939..cb2d3e7eeac8 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -3211,6 +3212,9 @@ int tioclinux(struct tty_struct *tty, unsigned long arg)
 			ret = fg_console;
 			break;
 		case TIOCL_SCROLLCONSOLE:
+			ret = -EPERM;
+			break;
+		  
 			if (get_user(lines, (s32 __user *)(p+4))) {
 				ret = -EFAULT;
 			} else {

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ