On 5/30/17 4:22 PM, Daniel Micay wrote: >> Thanks, I didn't know that android was doing this. I still think this >> feature >> is worthwhile for people to be able to harden their systems against >> this attack >> vector without having to implement a MAC. > > Since there's a capable LSM hook for ioctl already, it means it could go > in Yama with ptrace_scope but core kernel code would still need to be > changed to track the owning tty. I think Yama vs. core kernel shouldn't > matter much anymore due to stackable LSMs. >
What does everyone think about a v8 that moves this feature under Yama and uses the file_ioctl LSM hook? > Not the case for perf_event_paranoid=3 where a) there's already a sysctl > exposed which would be unfortunate to duplicate, b) there isn't an LSM > hook yet (AFAIK). > > The toggles for ptrace and perf events are more useful though since > they're very commonly used debugging features vs. this obscure, rarely > used ioctl that in practice no one will notice is missing. It's still > friendlier to have a toggle than a seccomp policy requiring a reboot to > get rid of it, or worse compiling it out of the kernel. >