--- /dev/null
+From b0de59b5733d18b0d1974a060860a8b5c1b36a2e Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Fri, 15 Feb 2013 15:25:05 +0100
+Subject: TTY: do not update atime/mtime on read/write
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit b0de59b5733d18b0d1974a060860a8b5c1b36a2e upstream.
+
+On http://vladz.devzero.fr/013_ptmx-timing.php, we can see how to find
+out length of a password using timestamps of /dev/ptmx. It is
+documented in "Timing Analysis of Keystrokes and Timing Attacks on
+SSH". To avoid that problem, do not update time when reading
+from/writing to a TTY.
+
+I am afraid of regressions as this is a behavior we have since 0.97
+and apps may expect the time to be current, e.g. for monitoring
+whether there was a change on the TTY. Now, there is no change. So
+this would better have a lot of testing before it goes upstream.
+
+References: CVE-2013-0160
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_io.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -975,8 +975,7 @@ static ssize_t tty_read(struct file *fil
+ else
+ i = -EIO;
+ tty_ldisc_deref(ld);
+- if (i > 0)
+- inode->i_atime = current_fs_time(inode->i_sb);
++
+ return i;
+ }
+
+@@ -1077,11 +1076,8 @@ static inline ssize_t do_tty_write(
+ break;
+ cond_resched();
+ }
+- if (written) {
+- struct inode *inode = file->f_path.dentry->d_inode;
+- inode->i_mtime = current_fs_time(inode->i_sb);
++ if (written)
+ ret = written;
+- }
+ out:
+ tty_write_unlock(tty);
+ return ret;
--- /dev/null
+From 37b7f3c76595e23257f61bd80b223de8658617ee Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Fri, 26 Apr 2013 13:48:53 +0200
+Subject: TTY: fix atime/mtime regression
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit 37b7f3c76595e23257f61bd80b223de8658617ee upstream.
+
+In commit b0de59b5733d ("TTY: do not update atime/mtime on read/write")
+we removed timestamps from tty inodes to fix a security issue and waited
+if something breaks. Well, 'w', the utility to find out logged users
+and their inactivity time broke. It shows that users are inactive since
+the time they logged in.
+
+To revert to the old behaviour while still preventing attackers to
+guess the password length, we update the timestamps in one-minute
+intervals by this patch.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_io.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -939,6 +939,14 @@ void start_tty(struct tty_struct *tty)
+
+ EXPORT_SYMBOL(start_tty);
+
++static void tty_update_time(struct timespec *time)
++{
++ unsigned long sec = get_seconds();
++ sec -= sec % 60;
++ if ((long)(sec - time->tv_sec) > 0)
++ time->tv_sec = sec;
++}
++
+ /**
+ * tty_read - read method for tty device files
+ * @file: pointer to tty file
+@@ -976,6 +984,9 @@ static ssize_t tty_read(struct file *fil
+ i = -EIO;
+ tty_ldisc_deref(ld);
+
++ if (i > 0)
++ tty_update_time(&inode->i_atime);
++
+ return i;
+ }
+
+@@ -1076,8 +1087,11 @@ static inline ssize_t do_tty_write(
+ break;
+ cond_resched();
+ }
+- if (written)
++ if (written) {
++ struct inode *inode = file->f_path.dentry->d_inode;
++ tty_update_time(&inode->i_mtime);
+ ret = written;
++ }
+ out:
+ tty_write_unlock(tty);
+ return ret;
projects / thirdparty / kernel / stable-queue.git / commitdiff
