From patchwork Sun Jan 14 15:59:00 2024
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 7453
Message-ID: <17c81585-f4d4-4d48-81f5-0abfd55b6fb3@ipfire.org>
Date: Sun, 14 Jan 2024 15:59:00 +0000
To: "IPFire: Development"
From: Peter Müller
Subject: [PATCH] linux: Forbid legacy TIOCSTI usage
List-Id: IPFire development talk

To quote from the kernel documentation:

> Historically the kernel has allowed TIOCSTI, which will push
> characters into a controlling TTY. This continues to be used
> as a malicious privilege escalation mechanism, and provides no
> meaningful real-world utility any more. Its use is considered
> a dangerous legacy operation, and can be disabled on most
> systems.
>
> Say Y here only if you have confirmed that your system's
> userspace depends on this functionality to continue operating
> normally.
>
> Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
> use TIOCSTI even when this is set to N.
>
> This functionality can be changed at runtime with the
> dev.tty.legacy_tiocsti sysctl. This configuration option sets
> the default value of the sysctl.

This patch therefore proposes to no longer allow legacy TIOCSTI usage in IPFire, given its security implications and the apparent lack of legitimate usage.

Signed-off-by: Peter Müller
Signed-off-by: Michael Tremer
---
 config/kernel/kernel.config.aarch64-ipfire | 2 +-
 config/kernel/kernel.config.riscv64-ipfire | 2 +-
 config/kernel/kernel.config.x86_64-ipfire  | 2 +-
 config/rootfiles/common/aarch64/linux      | 1 -
 config/rootfiles/common/riscv64/linux      | 1 -
 config/rootfiles/common/x86_64/linux       | 1 -
 6 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 4770ed828..9b8bfa559 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -3575,7 +3575,7 @@ CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set -CONFIG_LEGACY_TIOCSTI=y +# CONFIG_LEGACY_TIOCSTI is not set # CONFIG_LDISC_AUTOLOAD is not set # diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index fb4ec14d5..44d89c99e 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -3249,7 +3249,7 @@ CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set -CONFIG_LEGACY_TIOCSTI=y +# CONFIG_LEGACY_TIOCSTI is not set # CONFIG_LDISC_AUTOLOAD is not set # diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 2a2748ea4..41d6f0635 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -3497,7 +3497,7 @@ CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set -CONFIG_LEGACY_TIOCSTI=y +# CONFIG_LEGACY_TIOCSTI is not set # CONFIG_LDISC_AUTOLOAD is not set # diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index 5d2d36a46..a32c3770e 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux 
@@ -9185,7 +9185,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/LEDS_TRIGGER_TTY #lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY #lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO -#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI #lib/modules/KVER-ipfire/build/include/config/LIB80211 #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_TKIP diff --git a/config/rootfiles/common/riscv64/linux b/config/rootfiles/common/riscv64/linux index c2e0191af..5e1ac921c 100644 --- a/config/rootfiles/common/riscv64/linux +++ b/config/rootfiles/common/riscv64/linux @@ -8345,7 +8345,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/LEDS_USER #lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY #lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO -#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI #lib/modules/KVER-ipfire/build/include/config/LIB80211 #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_TKIP diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index a51f3487f..f3a8dea19 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -8996,7 +8996,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/LEDS_USER #lib/modules/KVER-ipfire/build/include/config/LED_TRIGGER_PHY #lib/modules/KVER-ipfire/build/include/config/LEGACY_DIRECT_IO -#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI #lib/modules/KVER-ipfire/build/include/config/LEGACY_VSYSCALL_NONE #lib/modules/KVER-ipfire/build/include/config/LIB80211 #lib/modules/KVER-ipfire/build/include/config/LIB80211_CRYPT_CCMP
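Review bot: flipping `CONFIG_LEGACY_TIOCSTI=y` to `# CONFIG_LEGACY_TIOCSTI is not set` in the three kernel.config hunks only changes the default of dev.tty.legacy_tiocsti, as the quoted Kconfig help text itself says; nothing in the patch pins the sysctl, so a later sysctl.conf entry or script writing dev.tty.legacy_tiocsti=1 re-enables the ioctl silently, and CAP_SYS_ADMIN processes bypass the restriction either way. The commit message should say how the "apparent lack of legitimate usage" was established (which console or serial tooling was exercised on a build with the option off), since the help text asks for exactly that confirmation, and a boot-time or test-suite check that the sysctl reads 0 would catch a later regression.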
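Review bot: the three rootfiles hunks each drop a line that is already commented out (`#lib/modules/KVER-ipfire/build/include/config/LEGACY_TIOCSTI`), so they change nothing in the shipped package and only keep the lists in step with the include/config header the kernel build will stop generating. That is the right cleanup, but the rootfiles should be regenerated from a build with the option actually off rather than hand-edited, so any other include/config entries that appear or vanish as a side effect of the Kconfig change are picked up in the same patch.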
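As an added example that is not part of this patch, of IPFire or of the kernel sources: a small C probe that reports whether TIOCSTI is still honoured on the running system, useful for verifying the change once a kernel built with this configuration is installed. It assumes the Linux 6.2+ error contract of tiocsti() in drivers/tty/tty_io.c (EIO when dev.tty.legacy_tiocsti is 0 and the caller lacks CAP_SYS_ADMIN, EPERM when the target is a tty other than the caller's controlling tty) and that /dev/ptmx and /dev/pts are available; the status names and helper functions are this example's own.

```c
/* tiocsti_probe.c: does the running kernel still honour legacy TIOCSTI?
 * Added example for this page; not part of the IPFire patch or the kernel.
 * Assumed kernel behaviour (Linux 6.2+, tiocsti() in tty_io.c):
 *   legacy_tiocsti=0 and no CAP_SYS_ADMIN        -> EIO
 *   target is not the caller's controlling tty   -> EPERM (unless CAP_SYS_ADMIN)
 *   otherwise the byte is queued as terminal input.
 * Build: cc -Wall -o tiocsti_probe tiocsti_probe.c */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

enum tiocsti_status {
    TIOCSTI_ALLOWED,    /* ioctl succeeded: a byte was pushed into the tty */
    TIOCSTI_FORBIDDEN,  /* EIO: dev.tty.legacy_tiocsti=0, caller unprivileged */
    TIOCSTI_NOT_CTTY,   /* EPERM: fd is a tty but not our controlling tty */
    TIOCSTI_NOT_A_TTY,  /* ENOTTY: fd is not a terminal at all */
    TIOCSTI_OTHER       /* any other errno, or no pty could be allocated */
};

/* Pure mapping from ioctl result to status; testable without a tty. */
enum tiocsti_status classify_tiocsti(int rc, int err)
{
    if (rc == 0)
        return TIOCSTI_ALLOWED;
    switch (err) {
    case EIO:    return TIOCSTI_FORBIDDEN;
    case EPERM:  return TIOCSTI_NOT_CTTY;
    case ENOTTY: return TIOCSTI_NOT_A_TTY;
    default:     return TIOCSTI_OTHER;
    }
}

/* Attempt to push one harmless space into the input queue behind fd. */
enum tiocsti_status probe_tiocsti(int fd)
{
    char c = ' ';
    int rc = ioctl(fd, TIOCSTI, &c);
    return classify_tiocsti(rc, rc < 0 ? errno : 0);
}

/* 0 or 1 from /proc/sys/dev/tty/legacy_tiocsti, -1 if the knob is absent
 * (kernel older than 6.2, where TIOCSTI is unconditionally available). */
int read_legacy_tiocsti_sysctl(void)
{
    FILE *f = fopen("/proc/sys/dev/tty/legacy_tiocsti", "r");
    int v = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &v) != 1 || (v != 0 && v != 1))
        v = -1;
    fclose(f);
    return v;
}

/* Allocate a fresh pty through /dev/ptmx (TIOCSPTLCK + TIOCGPTN, so no libc
 * feature macros are needed) and probe its slave. The slave is opened with
 * O_NOCTTY and never becomes our controlling tty, so an unrestricted kernel
 * answers EPERM, a hardened one EIO, and no real session is touched. */
enum tiocsti_status probe_fresh_pty(void)
{
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    int unlock = 0, ptn = -1, slave;
    char path[32];
    enum tiocsti_status st;

    if (master < 0)
        return TIOCSTI_OTHER;
    if (ioctl(master, TIOCSPTLCK, &unlock) < 0 || ioctl(master, TIOCGPTN, &ptn) < 0) {
        close(master);
        return TIOCSTI_OTHER;
    }
    snprintf(path, sizeof path, "/dev/pts/%d", ptn);
    slave = open(path, O_RDWR | O_NOCTTY);
    if (slave < 0) {
        close(master);
        return TIOCSTI_OTHER;
    }
    st = probe_tiocsti(slave);
    close(slave);
    close(master);
    return st;
}

/* Control case: a pipe is not a tty, so TIOCSTI must always fail with ENOTTY. */
enum tiocsti_status probe_on_pipe(void)
{
    int p[2];
    enum tiocsti_status st;
    if (pipe(p) < 0)
        return TIOCSTI_OTHER;
    st = probe_tiocsti(p[0]);
    close(p[0]);
    close(p[1]);
    return st;
}

int main(void)
{
    static const char *const names[] = {
        "allowed", "forbidden (EIO)", "not the controlling tty (EPERM)",
        "not a tty (ENOTTY)", "other / unavailable"
    };
    int v = read_legacy_tiocsti_sysctl();
    if (v < 0)
        printf("dev.tty.legacy_tiocsti: absent (kernel < 6.2 or /proc hidden)\n");
    else
        printf("dev.tty.legacy_tiocsti: %d\n", v);
    printf("TIOCSTI on a fresh pty slave: %s\n", names[probe_fresh_pty()]);
    printf("TIOCSTI on stdin:             %s\n", names[probe_tiocsti(STDIN_FILENO)]);
    printf("TIOCSTI on a pipe:            %s\n", names[probe_on_pipe()]);
    return 0;
}
```

Run it as an unprivileged user: with CAP_SYS_ADMIN the ioctl succeeds even on a kernel built with this patch, exactly as the Kconfig text warns, so a root run proves nothing. On a kernel built from these config files the fresh-pty line should read "forbidden (EIO)" and the sysctl line 0; the pipe case is a control that must report ENOTTY regardless. The one-line equivalent of the sysctl read on a running IPFire box is `sysctl dev.tty.legacy_tiocsti`.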