Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp18885334rwd; Wed, 28 Jun 2023 01:56:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7/9x6AxBQUpLBOIdNMVBic+DyXJgOrvNb4db1sEjYiZ0mtjVwEZ0mlEYfuAg5AO5j4kk9V X-Received: by 2002:a05:6808:f8a:b0:3a1:cb53:2c2f with SMTP id o10-20020a0568080f8a00b003a1cb532c2fmr12296460oiw.17.1687942604396; Wed, 28 Jun 2023 01:56:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687942604; cv=none; d=google.com; s=arc-20160816; b=L5WCzD8LQJuM28+ukd+PpfBVTvnmQ104W6D+cTWOEc2Tqf9beSxk+hdgggRbfaawAM aRnIW/MCyfne1fx7vobZIuA5y6+/3MvQRMXNXdaFNW132myq7XQ7qz9eKSNqHd35J1w+ 6zX7kZGX6WhPEAGDYKsWw6t1HSDyX5qC7KRgBTyDtjckoYvsrz0V7dR8OHM/DNsXdPXY hwSm69aKoi0RBiEJG0odNsQDy6FePYTlrulfECP/3eETSgjJUkuznRTvG0vO38VRZ8qx GHtNGX+86ODArv/YoBx/7n1ULudm0Ml5NvCPRSVefh1sFYbrLkGX7zbX+Ti+SzR+/cv8 SNhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:organization:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date; bh=JjVRQDKlpM7i9lSjAo4ZT2TTGtTYbo6G/TvFpfmsCSw=; fh=pzQzM1sICqpkXKMiyGIIk5OBbX+z9idn10hNVauiD0A=; b=uf7KDl6Rv1fmnN9b7L4akbehjXeAnPtNMpebYhjEgapdMFIGjXckgG5Zn4r7CS9JfL 44AReYUOuwF7cYv2TIwXFDOOKQ/bKSVS6YJizO8wJIJeX3y6XjakRUfJm4wXnCp8Ki57 CBzeQLhYDl7k90rFLUyXp1E5aG0gw4K76cvzkGkxbJAiZXOFrZ6SBtT4JLb4ZiNc5HGw HP+diy5fbEUj/QkMgzbUJbczjvorfWs/A0qAozWaEIsMgdA0b5t+gZwdleI0INEZfs0Q CHU55VnOvEOKsrwmMuJH0hl1c9WoXmHznfbzR6h5ysCMPZ6K2cnvjCWZ+WpF0PR3pO7Z pAdA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e62-20020a636941000000b00553823e936fsi3781124pgc.135.2023.06.28.01.56.29; Wed, 28 Jun 2023 01:56:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235438AbjF1Ig6 (ORCPT + 99 others); Wed, 28 Jun 2023 04:36:58 -0400 Received: from sonata.ens-lyon.org ([140.77.166.138]:37174 "EHLO sonata.ens-lyon.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233934AbjF1Icx (ORCPT ); Wed, 28 Jun 2023 04:32:53 -0400 Received: from localhost (localhost [127.0.0.1]) by sonata.ens-lyon.org (Postfix) with ESMTP id 522972011A; Wed, 28 Jun 2023 08:07:19 +0200 (CEST) Received: from sonata.ens-lyon.org ([127.0.0.1]) by localhost (sonata.ens-lyon.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8P8yQ3a3VF9W; Wed, 28 Jun 2023 08:07:19 +0200 (CEST) Received: from begin (unknown [91.151.117.182]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by sonata.ens-lyon.org (Postfix) with ESMTPSA id 39C10200D5; Wed, 28 Jun 2023 08:07:18 +0200 (CEST) Received: from samy by begin with local (Exim 4.96) (envelope-from ) id 1qEOKi-009kLK-1u; Wed, 28 Jun 2023 08:07:16 +0200 Date: Wed, 28 Jun 2023 08:07:16 +0200 From: Samuel Thibault To: Kees Cook Cc: Kees Cook , Greg Kroah-Hartman , Jiri Slaby , Simon Brand , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Dave@mielke.cc Subject: Re: [PATCH v3 2/2] tty: Allow TIOCSTI to be disabled Message-ID: <20230628060716.vvgtlgbushyjh6km@begin> Mail-Followup-To: Samuel Thibault , Kees Cook , Kees Cook , Greg Kroah-Hartman , Jiri Slaby , Simon Brand , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, Dave@mielke.cc References: <20221022182828.give.717-kees@kernel.org> <20221022182949.2684794-2-keescook@chromium.org> <20221227234000.jgosvixx7eahqb3z@begin> <20221228205726.rfevry7ud6gmttg5@begin> <20230625155625.s4kvy7m2vw74ow4i@begin> <202306271944.E80E1D0@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202306271944.E80E1D0@keescook> Organization: I am not organized User-Agent: NeoMutt/20170609 (1.8.3) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kees Cook, le mar. 27 juin 2023 19:48:45 -0700, a ecrit: > On Sun, Jun 25, 2023 at 05:56:25PM +0200, Samuel Thibault wrote: > > > Can we perhaps just introduce a CAP_TIOCSTI that the brltty daemon would > > > be able to use? We could even make it only allow TIOCSTI on the linux > > > console (tty->ops == con_ops). > > Does brltty run with CAP_SYS_ADMIN? ATM most often, yes, though we are trying to reduce the CAP_* privileges to what it actually needs. > > *Please* comment on this so we can progress. ATM people are > > advising each other to set dev.tty.legacy_tiocsti=1, which is just > > counter-productive in terms of security... > > So is there really no solution for brltty and TIOCSTI being disabled? No, there is no way to simulate characters on the Linux console. The alternative would be to use uinput, but that simulates keycodes, not characters, thus requiring backtranslating first, which is very fragile. > What is FreeBSD doing? I imagine it's the same situation there too, > though maybe there is just no support? There is just no support in the kernel, only a patch against "screen". > > Really, this a serious regression for the people affected by this. > > Can you send a patch adding a CAP_SYS_ADMIN exception? Sure! Samuel