[PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN

James Morris jmorris at namei.org
Wed Apr 19 11:18:13 UTC 2017


On Tue, 18 Apr 2017, Matt Brown wrote:

> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> project in-kernel.

It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes 
sense here), and rather than sprinkling these types of things throughout 
the kernel, I wonder if it might be better to implement it via LSM, in the 
YAMA module.



- James
-- 
James Morris
<jmorris at namei.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list