| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024121726-electable-tabloid-bf55@gregkh> Date: Tue, 17 Dec 2024 09:49:42 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Hanno Böck <hanno@...eck.de> Cc: Günther Noack <gnoack@...gle.com>, Jann Horn <jannh@...gle.com>, Jared Finder <jared@...der.org>, Jiri Slaby <jirislaby@...nel.org>, linux-hardening@...r.kernel.org, regressions@...ts.linux.dev, kernel list <linux-kernel@...r.kernel.org>, jwilk@...lk.net Subject: Re: GPM & Emacs broken in Linux 6.7 -- ok to relax check? On Tue, Dec 17, 2024 at 09:47:23AM +0100, Hanno Böck wrote: > Hello, > > On Tue, 3 Dec 2024 14:53:27 +0100 > "Günther Noack" <gnoack@...gle.com> wrote: > > > Hanno, you are the original author of this patch and you have done a > > more detailed analysis on the TIOCLINUX problems than me -- do you > > agree that this weakened check would still be sufficient to protect > > against the TIOCLINUX problems? (Or in other words, if we permitted > > TIOCL_SELPOINTER, TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT for > > non-CAP_SYS_ADMIN processes, would you still see a way to misuse that > > functionality?) > > Sorry for the late feedback. > > I believe that this is correct, and permitting these functionalities > still preserves the security fix. I also checked with Jakub Wilk, who > was the original author of the exploit. > The patch you posted in the meantime[1] should be fine. > > https://lore.kernel.org/linux-hardening/Z2BKetPygDM36X-X@google.com/T/#u Great, can you test that and if it works for you, provide a tested-by line? thanks, greg k-h
Powered by blists - more mailing lists