| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202501100850.5E4D0A5@keescook>
Date: Fri, 10 Jan 2025 08:50:57 -0800
From: Kees Cook <kees@...nel.org>
To: Günther Noack <gnoack@...gle.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jann Horn <jannh@...gle.com>,
Hanno Böck <hanno@...eck.de>,
Jiri Slaby <jirislaby@...nel.org>, linux-hardening@...r.kernel.org,
regressions@...ts.linux.dev, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH v2] tty: Permit some TIOCL_SETSEL modes without
CAP_SYS_ADMIN
On Fri, Jan 10, 2025 at 02:21:22PM +0000, Günther Noack wrote:
> With this, processes without CAP_SYS_ADMIN are able to use TIOCLINUX with
> subcode TIOCL_SETSEL, in the selection modes TIOCL_SETPOINTER,
> TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT.
>
> TIOCL_SETSEL was previously changed to require CAP_SYS_ADMIN, as this IOCTL
> let callers change the selection buffer and could be used to simulate
> keypresses. These three TIOCL_SETSEL selection modes, however, are safe to
> use, as they do not modify the selection buffer.
>
> This fixes a mouse support regression that affected Emacs (invisible mouse
> cursor).
>
> Cc: stable@...r.kernel.org
> Link: https://lore.kernel.org/r/ee3ec63269b43b34e1c90dd8c9743bf8@finder.org
> Fixes: 8d1b43f6a6df ("tty: Restrict access to TIOCLINUX' copy-and-paste subcommands")
> Signed-off-by: Günther Noack <gnoack@...gle.com>
Reviewed-by: Kees Cook <kees@...nel.org>
--
Kees Cook
Powered by blists - more mailing lists