Re: GPM & Emacs broken in Linux 6.7 -- ok to relax check?

From: Greg Kroah-Hartman
Date: Tue Dec 17 2024 - 03:50:21 EST

Next message: Barry Song: "Re: [PATCH V6] mm, compaction: don't use ALLOC_CMA in long term GUP flow"
Previous message: Ard Biesheuvel: "Re: [PATCH 9/9] x86/kexec: Use typedef for relocate_kernel_fn function prototype"
In reply to: Hanno Böck: "Re: GPM & Emacs broken in Linux 6.7 -- ok to relax check?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 17, 2024 at 09:47:23AM +0100, Hanno Böck wrote:
> Hello,
>
> On Tue, 3 Dec 2024 14:53:27 +0100
> "Günther Noack" <gnoack@xxxxxxxxxx> wrote:
>
> > Hanno, you are the original author of this patch and you have done a
> > more detailed analysis on the TIOCLINUX problems than me -- do you
> > agree that this weakened check would still be sufficient to protect
> > against the TIOCLINUX problems? (Or in other words, if we permitted
> > TIOCL_SELPOINTER, TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT for
> > non-CAP_SYS_ADMIN processes, would you still see a way to misuse that
> > functionality?)
>
> Sorry for the late feedback.
>
> I believe that this is correct, and permitting these functionalities
> still preserves the security fix. I also checked with Jakub Wilk, who
> was the original author of the exploit.
> The patch you posted in the meantime[1] should be fine.
>
> https://lore.kernel.org/linux-hardening/Z2BKetPygDM36X-X@xxxxxxxxxx/T/#u

Great, can you test that and if it works for you, provide a tested-by
line?

thanks,

greg k-h

Next message: Barry Song: "Re: [PATCH V6] mm, compaction: don't use ALLOC_CMA in long term GUP flow"
Previous message: Ard Biesheuvel: "Re: [PATCH 9/9] x86/kexec: Use typedef for relocate_kernel_fn function prototype"
In reply to: Hanno Böck: "Re: GPM & Emacs broken in Linux 6.7 -- ok to relax check?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]