* [PATCH] linux: Forbid legacy TIOCSTI usage
From: Peter Müller @ 2024-01-14 16:00 UTC (permalink / raw)
To: development
To quote from the kernel documentation:
> Historically the kernel has allowed TIOCSTI, which will push
> characters into a controlling TTY. This continues to be used
> as a malicious privilege escalation mechanism, and provides no
> meaningful real-world utility any more. Its use is considered
> a dangerous legacy operation, and can be disabled on most
> systems.
>
> Say Y here only if you have confirmed that your system's
> userspace depends on this functionality to continue operating
> normally.
>
> Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
> use TIOCSTI even when this is set to N.
>
> This functionality can be changed at runtime with the
> dev.tty.legacy_tiocsti sysctl. This configuration option sets
> the default value of the sysctl.
This patch therefore proposes to no longer allow legacy TIOCSTI usage
in IPFire, given its security implications and the apparent lack of
legitimate usage.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
config/kernel/kernel.config.aarch64-ipfire | 2 +-
config/kernel/kernel.config.riscv64-ipfire | 2 +-
config/kernel/kernel.config.x86_64-ipfire | 2 +-
config/rootfiles/common/aarch64/linux | 1 -
config/rootfiles/common/riscv64/linux | 1 -
config/rootfiles/common/x86_64/linux | 1 -
6 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index 4770ed828..9b8bfa559 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -3575,7 +3575,7 @@ CONFIG_HW_CONSOLE=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
-CONFIG_LEGACY_TIOCSTI=y
+# CONFIG_LEGACY_TIOCSTI is not set
# CONFIG_LDISC_AUTOLOAD is not set
#
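Review bot: The commit message states an "apparent lack of legitimate usage" without saying how that was verified; since the quoted help text says this option only sets the default of the dev.tty.legacy_tiocsti sysctl, it would help to list which IPFire userspace components (console and serial-console tooling, anything driving a controlling TTY) were checked, and to say whether the install or sysctl configuration should also pin dev.tty.legacy_tiocsti to 0 so that a later runtime change away from the build-time default is deliberate rather than silent. The edit itself, `-CONFIG_LEGACY_TIOCSTI=y` to `+# CONFIG_LEGACY_TIOCSTI is not set`, is the correct form for a disabled Kconfig bool.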
diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire
index fb4ec14d5..44d89c99e 100644
--- a/config/kernel/kernel.config.riscv64-ipfire
+++ b/config/kernel/kernel.config.riscv64-ipfire
@@ -3249,7 +3249,7 @@ CONFIG_HW_CONSOLE=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
-CONFIG_LEGACY_TIOCSTI=y
+# CONFIG_LEGACY_TIOCSTI is not set
# CONFIG_LDISC_AUTOLOAD is not set
#
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index 2a2748ea4..41d6f0635 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -3497,7 +3497,7 @@ CONFIG_HW_CONSOLE=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
-CONFIG_LEGACY_TIOCSTI=y
+# CONFIG_LEGACY_TIOCSTI is not set
# CONFIG_LDISC_AUTOLOAD is not set
#
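Review bot: Consistent with the aarch64 and riscv64 hunks, so all three architecture configs stay in sync; the surrounding context (`# CONFIG_LEGACY_PTYS is not set`, `# CONFIG_LDISC_AUTOLOAD is not set`) shows this extends the existing TTY hardening pattern rather than introducing a new one. Nothing further on this hunk.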
diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux
index 5d2d36a46..a32c3770e 100644
--- a/config/rootfiles/common/aarch64/linux
+++ b/config/rootfiles/common/aarch64/linux
@@ -9185,7 +9185,6 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/LEDS_TRIGGER_TTY
#lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY
#lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO
-#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI
#lib/modules/KVER-ipfire/build/include/config/LIB80211
#lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
#lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_TKIP
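Review bot: The commit message should say that the rootfile removals follow from the kconfig change rather than being an independent edit; the dropped entry `#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI` is a commented (`#`) line, so no file shipped in the image changes, and the removal only keeps the rootfile list aligned with the per-option build headers the kernel produces once `CONFIG_LEGACY_TIOCSTI` is no longer set. Stating that makes it clear to a later reader that nothing at runtime has moved.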
diff --git a/config/rootfiles/common/riscv64/linux b/config/rootfiles/common/riscv64/linux
index c2e0191af..5e1ac921c 100644
--- a/config/rootfiles/common/riscv64/linux
+++ b/config/rootfiles/common/riscv64/linux
@@ -8345,7 +8345,6 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/LEDS_USER
#lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY
#lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO
-#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI
#lib/modules/KVER-ipfire/build/include/config/LIB80211
#lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
#lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_TKIP
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index a51f3487f..f3a8dea19 100644
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -8996,7 +8996,6 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/LEDS_USER
#lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY
#lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO
-#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI
#lib/modules/KVER-ipfire/build/include/config/LEGACY_VSYSCALL_NONE
#lib/modules/KVER-ipfire/build/include/config/LIB80211
#lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
--
2.35.3
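As an added example, not code from the patch, from IPFire or from the kernel, the following POSIX shell helper audits the two places the quoted help text names: the build-time Kconfig default and the dev.tty.legacy_tiocsti sysctl that governs the ioctl at runtime. The function names are hypothetical; the file paths are parameters so the functions can be run against constructed samples, the live inputs being the running kernel's config (typically /proc/config.gz or /boot/config-$(uname -r)) and /proc/sys/dev/tty/legacy_tiocsti.

```shell
#!/bin/sh
# Added example (not part of the patch or of IPFire): report whether legacy
# TIOCSTI is disabled, from a kernel .config fragment (build-time default)
# and from the dev.tty.legacy_tiocsti sysctl (the value in force at runtime).
# File paths are parameters so the helper can run against constructed samples.

# tiocsti_config_state FILE
#   disabled : "# CONFIG_LEGACY_TIOCSTI is not set" (as the patch sets it)
#   enabled  : "CONFIG_LEGACY_TIOCSTI=y"
#   absent   : option not present (kernel without this Kconfig symbol)
tiocsti_config_state() {
    if grep -q '^# CONFIG_LEGACY_TIOCSTI is not set$' "$1"; then
        echo disabled
    elif grep -q '^CONFIG_LEGACY_TIOCSTI=y$' "$1"; then
        echo enabled
    else
        echo absent
    fi
}

# tiocsti_sysctl_state FILE
#   0 means the ioctl is refused for callers without CAP_SYS_ADMIN,
#   1 means the legacy behaviour; "unknown" if the file cannot be read.
tiocsti_sysctl_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$1")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# tiocsti_effective_state CONFIG_FILE SYSCTL_FILE
#   The sysctl wins when readable, because the Kconfig option only sets its
#   default. With no sysctl and no Kconfig symbol the kernel predates the
#   knob, and TIOCSTI is then always allowed, so that case reports "enabled".
tiocsti_effective_state() {
    s=$(tiocsti_sysctl_state "$2")
    if [ "$s" != unknown ]; then
        echo "$s"
        return 0
    fi
    c=$(tiocsti_config_state "$1")
    if [ "$c" = absent ]; then
        echo enabled
    else
        echo "$c"
    fi
}

# Constructed sample inputs (not real system files) so the helper runs offline.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'CONFIG_UNIX98_PTYS=y' '# CONFIG_LEGACY_TIOCSTI is not set' > "$dir/hardened.config"
    printf '%s\n' 'CONFIG_UNIX98_PTYS=y' 'CONFIG_LEGACY_TIOCSTI=y' > "$dir/stock.config"
    printf '%s\n' 'CONFIG_UNIX98_PTYS=y' > "$dir/old.config"
    printf '0\n' > "$dir/sysctl_off"
    printf '1\n' > "$dir/sysctl_on"
    echo "$dir"
}

# Stand-alone run: one verdict per sample pairing.
d=$(make_samples)
echo "hardened config, sysctl 0 : $(tiocsti_effective_state "$d/hardened.config" "$d/sysctl_off")"
echo "hardened config, sysctl 1 : $(tiocsti_effective_state "$d/hardened.config" "$d/sysctl_on")"
echo "stock config, no sysctl   : $(tiocsti_effective_state "$d/stock.config" "$d/missing")"
echo "old kernel, no sysctl     : $(tiocsti_effective_state "$d/old.config" "$d/missing")"
rm -rf "$d"
```

The second line of output is the case the review comment above is about: a config that disables the option but a sysctl that has been set back to 1 still reports "enabled", because the Kconfig value is only the default. On a live system, pass the real config and /proc/sys/dev/tty/legacy_tiocsti to tiocsti_effective_state to get the verdict that actually applies.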
* Re: [PATCH] linux: Forbid legacy TIOCSTI usage
From: Michael Tremer @ 2024-01-16 15:32 UTC (permalink / raw)
To: development
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 14 Jan 2024, at 15:59, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> To quote from the kernel documentation:
>
>> Historically the kernel has allowed TIOCSTI, which will push
>> characters into a controlling TTY. This continues to be used
>> as a malicious privilege escalation mechanism, and provides no
>> meaningful real-world utility any more. Its use is considered
>> a dangerous legacy operation, and can be disabled on most
>> systems.
>>
>> Say Y here only if you have confirmed that your system's
>> userspace depends on this functionality to continue operating
>> normally.
>>
>> Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
>> use TIOCSTI even when this is set to N.
>>
>> This functionality can be changed at runtime with the
>> dev.tty.legacy_tiocsti sysctl. This configuration option sets
>> the default value of the sysctl.
>
> This patch therefore proposes to no longer allow legacy TIOCSTI usage
> in IPFire, given its security implications and the apparent lack of
> legitimate usage.
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 2 +-
> config/kernel/kernel.config.riscv64-ipfire | 2 +-
> config/kernel/kernel.config.x86_64-ipfire | 2 +-
> config/rootfiles/common/aarch64/linux | 1 -
> config/rootfiles/common/riscv64/linux | 1 -
> config/rootfiles/common/x86_64/linux | 1 -
> 6 files changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index 4770ed828..9b8bfa559 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -3575,7 +3575,7 @@ CONFIG_HW_CONSOLE=y
> CONFIG_VT_HW_CONSOLE_BINDING=y
> CONFIG_UNIX98_PTYS=y
> # CONFIG_LEGACY_PTYS is not set
> -CONFIG_LEGACY_TIOCSTI=y
> +# CONFIG_LEGACY_TIOCSTI is not set
> # CONFIG_LDISC_AUTOLOAD is not set
>
> #
> diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire
> index fb4ec14d5..44d89c99e 100644
> --- a/config/kernel/kernel.config.riscv64-ipfire
> +++ b/config/kernel/kernel.config.riscv64-ipfire
> @@ -3249,7 +3249,7 @@ CONFIG_HW_CONSOLE=y
> CONFIG_VT_HW_CONSOLE_BINDING=y
> CONFIG_UNIX98_PTYS=y
> # CONFIG_LEGACY_PTYS is not set
> -CONFIG_LEGACY_TIOCSTI=y
> +# CONFIG_LEGACY_TIOCSTI is not set
> # CONFIG_LDISC_AUTOLOAD is not set
>
> #
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index 2a2748ea4..41d6f0635 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -3497,7 +3497,7 @@ CONFIG_HW_CONSOLE=y
> CONFIG_VT_HW_CONSOLE_BINDING=y
> CONFIG_UNIX98_PTYS=y
> # CONFIG_LEGACY_PTYS is not set
> -CONFIG_LEGACY_TIOCSTI=y
> +# CONFIG_LEGACY_TIOCSTI is not set
> # CONFIG_LDISC_AUTOLOAD is not set
>
> #
> diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux
> index 5d2d36a46..a32c3770e 100644
> --- a/config/rootfiles/common/aarch64/linux
> +++ b/config/rootfiles/common/aarch64/linux
> @@ -9185,7 +9185,6 @@ etc/modprobe.d/ipv6.conf
> #lib/modules/KVER-ipfire/build/include/config/LEDS_TRIGGER_TTY
> #lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY
> #lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO
> -#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI
> #lib/modules/KVER-ipfire/build/include/config/LIB80211
> #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
> #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_TKIP
> diff --git a/config/rootfiles/common/riscv64/linux b/config/rootfiles/common/riscv64/linux
> index c2e0191af..5e1ac921c 100644
> --- a/config/rootfiles/common/riscv64/linux
> +++ b/config/rootfiles/common/riscv64/linux
> @@ -8345,7 +8345,6 @@ etc/modprobe.d/ipv6.conf
> #lib/modules/KVER-ipfire/build/include/config/LEDS_USER
> #lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY
> #lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO
> -#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI
> #lib/modules/KVER-ipfire/build/include/config/LIB80211
> #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
> #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_TKIP
> diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
> index a51f3487f..f3a8dea19 100644
> --- a/config/rootfiles/common/x86_64/linux
> +++ b/config/rootfiles/common/x86_64/linux
> @@ -8996,7 +8996,6 @@ etc/modprobe.d/ipv6.conf
> #lib/modules/KVER-ipfire/build/include/config/LEDS_USER
> #lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY
> #lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO
> -#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI
> #lib/modules/KVER-ipfire/build/include/config/LEGACY_VSYSCALL_NONE
> #lib/modules/KVER-ipfire/build/include/config/LIB80211
> #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
> --
> 2.35.3