Re: [PATCH v1] tty: Fix a security issue related to tty-ldisc module loading

On 12/15/2023 6:38 PM, Greg KH wrote:
> On Fri, Dec 15, 2023 at 05:32:52PM +0800, quic_zijuhu wrote:
>> On 12/15/2023 4:43 PM, Greg KH wrote:
>>> On Fri, Dec 15, 2023 at 04:28:53PM +0800, Zijun Hu wrote:
>>>> Function tty_ldisc_get() has a simple logical error and may cause tty-ldisc
>>>> module to be loaded by a user without CAP_SYS_MODULE, this security issue
>>>> is fixed by correcting the logical error.
>>>
>>> What specific security issue are you referring to here?
>> The tty-ldisc module is able to be loaded by a user who doesn't have the relevant permission CAP_SYS_MODULE to load modules.
> 
> Yes, that is as-intended, why are you trying to break existing
> functionality that has been present for forever?
> 
I understood the current design by looking at the historical commit and agree that the current design is okay.

>> The current logic is weird and it confuses me as a tty driver beginner, since the intuitive checking is shown by my change.
> 
> It might be confusing, but it is correct.  You have to justify changing
> existing functionality a lot, especially for user-visible stuff like
> this.
> 
I will add more comments and optimize the checking logic but keep the current logic in order to make it easy to understand.
> And to say it is a "security issue" is not correct, it is this way by
> design, please work to understand history before attempting to change it
> for no documented reason.  Did you read the config option that helps
> control this functionality?  Did the help text there not explain it
> properly?  If so, please provide additional documentation where needed.
> 
Makes sense.
> I suggest working with others at your company that have more experience
> before submitting changes like this in the future, as they should be
> able to help you out better instead of relying on the community to do
> so.
> 
> thanks,
> 
> greg k-h




