Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tty: Restrict access to TIOCLINUX' copy-and-paste subcommands
TIOCLINUX can be used for privilege escalation on virtual terminals when code is executed via tools like su/sudo and sandboxing tools. By abusing the selection features, a lower-privileged application can write content to the console, select and copy/paste that content and thereby executing code on the privileged account. See also the poc here: https://www.openwall.com/lists/oss-security/2023/03/14/3 Selection is usually used by tools like gpm that provide mouse features on the virtual console. gpm already runs as root (due to earlier changes that restrict access to a user on the current TTY), therefore it will still work with this change. With this change, the following TIOCLINUX subcommands require CAP_SYS_ADMIN: * TIOCL_SETSEL - setting the selected region on the terminal * TIOCL_PASTESEL - pasting the contents of the selected region into the input buffer * TIOCL_SELLOADLUT - changing word-by-word selection behaviour The security problem mitigated is similar to the security risks caused by TIOCSTI, which, since kernel 6.2, can be disabled with CONFIG_LEGACY_TIOCSTI=n. Signed-off-by: Hanno Böck <hanno@hboeck.de> Signed-off-by: Günther Noack <gnoack@google.com> Tested-by: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20230828164117.3608812-2-gnoack@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- Loading branch information
