[Unstable 0/1] LP: #2046192
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Dec 11 20:54:42 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2046192
Disable CONFIG_LEGACY_TIOCSTI.
[Impact]
From the config option description:
Historically the kernel has allowed TIOCSTI, which will push
characters into a controlling TTY. This continues to be used
as a malicious privilege escalation mechanism, and provides no
meaningful real-world utility any more. Its use is considered
a dangerous legacy operation, and can be disabled on most
systems.
[Test case]
Test that TIOCSTI is not allowed by an unprivileged user, while still allowed by CAP_SYS_ADMIN.
[Potential regression]
Programs relying on TIOCSTI may break.
Thadeu Lima de Souza Cascardo (1):
UBUNTU: [Config]: disable CONFIG_LEGACY_TIOCSTI
debian.master/config/annotations | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
2.34.1
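
One way to run the [Test case] above, as an added example that is not part of the original message or the patch: a C probe that issues TIOCSTI on a private pty and reports whether the kernel allowed it. The function and enum names are hypothetical, and it assumes Linux with devpts mounted at /dev/pts.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

enum tiocsti_result { TIOCSTI_ALLOWED, TIOCSTI_BLOCKED, TIOCSTI_OTHER_ERROR, TIOCSTI_PROBE_FAILED };

/* EIO is the kernel's answer when legacy TIOCSTI is off and the caller lacks CAP_SYS_ADMIN. */
enum tiocsti_result classify_tiocsti(int ret, int err)
{
    return ret == 0 ? TIOCSTI_ALLOWED : err == EIO ? TIOCSTI_BLOCKED : TIOCSTI_OTHER_ERROR;
}

/* Hypothetical helper (Linux-only): issue TIOCSTI on a throwaway pty that a forked
 * child adopts as its controlling terminal; the caller's own terminal is untouched. */
enum tiocsti_result probe_tiocsti(void)
{
    char path[32], c = '\n';
    unsigned int n = 0;
    int unlock = 0, status = 0, master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0 || ioctl(master, TIOCSPTLCK, &unlock) < 0 || ioctl(master, TIOCGPTN, &n) < 0) {
        if (master >= 0) close(master);
        return TIOCSTI_PROBE_FAILED;
    }
    snprintf(path, sizeof(path), "/dev/pts/%u", n);
    pid_t pid = fork();
    if (pid == 0) {
        int slave, ret;
        if (setsid() < 0 || (slave = open(path, O_RDWR)) < 0)
            _exit(TIOCSTI_PROBE_FAILED);
        (void)ioctl(slave, TIOCSCTTY, 0); /* harmless if open() already made it controlling */
        ret = ioctl(slave, TIOCSTI, &c);  /* read errno only after the call has returned */
        _exit(classify_tiocsti(ret, errno));
    }
    enum tiocsti_result r = TIOCSTI_PROBE_FAILED;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        r = (enum tiocsti_result)WEXITSTATUS(status);
    close(master);
    return r;
}

int main(void)
{
    static const char *const verdict[] = { "allowed", "blocked (EIO)", "other error", "probe failed" };
    printf("TIOCSTI as uid %d: %s\n", (int)getuid(), verdict[probe_tiocsti()]);
    return 0;
}
```

On a kernel built with CONFIG_LEGACY_TIOCSTI disabled, running this as an ordinary user should report blocked, and running it with CAP_SYS_ADMIN should report allowed.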