Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
From: James Morris
Date: Wed Apr 19 2017 - 07:18:53 EST
On Tue, 18 Apr 2017, Matt Brown wrote:
> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> project in-kernel.
It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes
sense here), and rather than sprinkling these types of things throughout
the kernel, I wonder if it might be better to implement it via LSM, in the
YAMA module.
- James
--
James Morris
<jmorris@xxxxxxxxx>