tty: Restrict access to TIOCLINUX' copy-and-paste subcommands
TIOCLINUX can be used for privilege escalation on virtual terminals when code is executed via tools like su/sudo and sandboxing tools. By abusing the selection features, a lower-privileged application can write content to the console, select and copy/paste that content and thereby executing code on the privileged account. See also the poc here: https://www.openwall.com/lists/oss-security/2023/03/14/3 Selection is usually used by tools like gpm that provide mouse features on the virtual console. gpm already runs as root (due to earlier changes that restrict access to a user on the current TTY), therefore it will still work with this change. With this change, the following TIOCLINUX subcommands require CAP_SYS_ADMIN: * TIOCL_SETSEL - setting the selected region on the terminal * TIOCL_PASTESEL - pasting the contents of the selected region into the input buffer * TIOCL_SELLOADLUT - changing word-by-word selection behaviour The security problem mitigated is similar to the security risks caused by TIOCSTI, which, since kernel 6.2, can be disabled with CONFIG_LEGACY_TIOCSTI=n. Signed-off-by:Hanno Böck <hanno@hboeck.de> Signed-off-by:
Loading
Please register or sign in to comment