Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN

From: James Morris
Date: Wed Apr 19 2017 - 07:18:53 EST

Next message: Mason: "Re: [RFC PATCH v0.2] PCI: Add support for tango PCIe host bridge"
Previous message: Razmik Karapetyan: "[PATCH 1/2] usb: dwc2: Remove unnecessary debug prints"
In reply to: Serge E. Hallyn: "Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN"
Next in thread: Matt Brown: "Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 18 Apr 2017, Matt Brown wrote:

> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> project in-kernel.

It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes
sense here), and rather than sprinkling these types of things throughout
the kernel, I wonder if it might be better to implement it via LSM, in the
YAMA module.

- James
--
James Morris
<jmorris@xxxxxxxxx>

Next message: Mason: "Re: [RFC PATCH v0.2] PCI: Add support for tango PCIe host bridge"
Previous message: Razmik Karapetyan: "[PATCH 1/2] usb: dwc2: Remove unnecessary debug prints"
In reply to: Serge E. Hallyn: "Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN"
Next in thread: Matt Brown: "Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]