On Tue, Dec 03, 2024 at 02:53:27PM +0100, Günther Noack wrote:
Hanno, you are the original author of this patch and you have done a more
detailed analysis on the TIOCLINUX problems than me -- do you agree that this
weakened check would still be sufficient to protect against the TIOCLINUX
problems? (Or in other words, if we permitted TIOCL_SELPOINTER, TIOCL_SELCLEAR
and TIOCL_SELMOUSEREPORT for non-CAP_SYS_ADMIN processes, would you still see a
way to misuse that functionality?)
P.S.: For reference, some more detailed reasoning why I think that that proposal
would be OK:
It would protect at least against the "minittyjack.c" example that was attached
to https://www.openwall.com/lists/oss-security/2023/03/14/3
The trick used there was:
* ioctl() with TIOCLINUX with TIOCL_SETSEL with TIOCL_SELLINE,
to make a selection (a.k.a. changing the contents of vc_sel)
* ioctl() with TIOCLINUX and TIOCL_PASTESEL to paste the selection.
(The implementation for that is in selection.c/paste_selection()
and is just copying from vc_sel.)
So as long as we are protecting the change to vc_sel, that should be OK in my
mind.