On Fri, Jan 10, 2025 at 02:21:22PM +0000, Günther Noack wrote:
With this, processes without CAP_SYS_ADMIN are able to use TIOCLINUX with subcode TIOCL_SETSEL, in the selection modes TIOCL_SETPOINTER, TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT.
TIOCL_SETSEL was previously changed to require CAP_SYS_ADMIN, as this IOCTL let callers change the selection buffer and could be used to simulate keypresses. These three TIOCL_SETSEL selection modes, however, are safe to use, as they do not modify the selection buffer.
This fixes a mouse support regression that affected Emacs (invisible mouse cursor).
Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/ee3ec63269b43b34e1c90dd8c9743bf8@finder.org Fixes: 8d1b43f6a6df ("tty: Restrict access to TIOCLINUX' copy-and-paste subcommands") Signed-off-by: Günther Noack gnoack@google.com
Changes in V2:
Removed comment in vt.c (per Greg's suggestion)
CC'd stable@
I *kept* the CAP_SYS_ADMIN check *after* copy_from_user(), with the reasoning that:
- I do not see a good alternative to reorder the code here. We need the data from copy_from_user() in order to know whether the CAP_SYS_ADMIN check even needs to be performed.
- A previous get_user() from an adjacent memory region already worked (making this a very unlikely failure)
I would still appreciate a more formal Tested-by from Hanno (hint, hint) :)
This really is v3, as you sent a v2 last year, right?
b4 got really confused, but I think I figured it out. Whenever you resend, bump the version number please, otherwise it causes problems. Remember, some of use deal with thousands of patches a week...
thanks,
greg k-h