Greg,

On Fri, Jun 28, 2024 at 04:16:26PM +0200, Greg Kroah-Hartman wrote:
> On Fri, Jun 28, 2024 at 02:47:23PM +0300, Vitaly Chikunov wrote:
> > Sasha, Greg,
> >
> > Can you please backport CONFIG_LEGACY_TIOCSTI support into stable
> > kernels?
>
> That seems to be a new feature, not a bugfix, right? Is that applicable
> to older kernels?

This is related to CVE-2016-2568 (in polkit), but it's believed this is
better fixed on the kernel side.

> > This, perhaps, would include these mainline commits:
> >
> > 83efeeeb3d04b22aaed1df99bc70a48fe9d22c4d tty: Allow TIOCSTI to be disabled
> > 5c30f3e4a6e67c88c979ad30554bf4ef9b24fbd0 tty: Move TIOCSTI toggle variable before kerndoc
> > b2ea273a477cd6e83daedbfa1981cd1a7468f73a tty: Fix typo in LEGACY_TIOCSTI Kconfig description
> > 690c8b804ad2eafbd35da5d3c95ad325ca7d5061 TIOCSTI: always enable for CAP_SYS_ADMIN
> > 3f29d9ee323ae5cda59d144d1f8b0b10ea065be0 TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig
> > 8d1b43f6a6df7bcea20982ad376a000d90906b42 tty: Restrict access to TIOCLINUX' copy-and-paste subcommands
>
> Why not just use 6.6.y if you want this feature?

Since I maintain older kernels for ALT Linux I thought I'd first ask
upstream if it's possible to backport the patches before cherry-picking
them myself. It is also good to know they aren't backported
intentionally and not by a slip.

Thanks,

>
> greg k-h