[kernel-hardening] Re: [PATCH v7 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
From: Matt Brown <hidden>
Date: 2017-05-30 23:59:25
Also in:
lkml
On 5/30/17 7:40 PM, Daniel Micay wrote:
On Tue, 2017-05-30 at 19:00 -0400, Matt Brown wrote:quoted
On 5/30/17 4:22 PM, Daniel Micay wrote:quoted
quoted
Thanks, I didn't know that android was doing this. I still think this feature is worthwhile for people to be able to harden their systems against this attack vector without having to implement a MAC.Since there's a capable LSM hook for ioctl already, it means it could go in Yama with ptrace_scope but core kernel code would still need to be changed to track the owning tty. I think Yama vs. core kernel shouldn't matter much anymore due to stackable LSMs.What does everyone think about a v8 that moves this feature under Yama and uses the file_ioctl LSM hook?It would only make a difference if it could be fully contained there, as in not depending on tracking the tty owner.
For the reasons discussed earlier (to allow for nested containers where one of the containers is privileged) we want to track the user namespace that owns the tty. -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html