[PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
James Morris
jmorris at namei.org
Wed Apr 19 11:18:13 UTC 2017
On Tue, 18 Apr 2017, Matt Brown wrote:
> This patch reproduces GRKERNSEC_HARDEN_TTY functionality from the grsecurity
> project in-kernel.
It seems like an ugly hack to an ugly feature (CAP_SYS_ADMIN barely makes
sense here), and rather than sprinkling these types of things throughout
the kernel, I wonder if it might be better to implement it via LSM, in the
YAMA module.
- James
--
James Morris
<jmorris at namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list