sys/linux: prohibit TIOCSSERIAL

Replace TIOCSSERIAL with TIOCGSERIAL.
TIOCSSERIAL can do nasty things under root, like causing writes to random memory
pretty much like /dev/mem, but this is also working as intended.
For details see:
https://groups.google.com/g/syzkaller-bugs/c/1rVENJf9P4U/m/QtGpapRxAgAJ
https://syzkaller.appspot.com/bug?extid=f4f1e871965064ae689e
TODO: TIOCSSERIAL does some other things that are not dangerous
and would be nice to test, if/when we can sanitize based on sandbox value
we could prohibit it only under sandbox=none.

1 files changed, 9 insertions, 8 deletions

diff --git a/sys/linux/init_test.go b/sys/linux/init_test.go
index 4358bef35..44a31149c 100644
--- a/sys/linux/init_test.go
+++ b/sys/linux/init_test.go
@@ -106,8 +106,7 @@ mknod(0x0, 0xc000, 0x0)
 mknod(0x0, 0x2000, 0x0)
 mknod(0x0, 0x6000, 0x0)
 mknod(0x0, 0x6000, 0x700)
-`,
-			`
+`, `
 mknod(0x0, 0x1000, 0x0)
 mknod(0x0, 0x8000, 0x0)
 mknod(0x0, 0xc000, 0x0)
@@ -125,8 +124,7 @@ exit(0xc3)
 exit_group(0x5a)
 exit_group(0x43)
 exit_group(0x443)
-`,
-			`
+`, `
 exit(0x3)
 exit(0x1)
 exit(0x1)
@@ -143,14 +141,13 @@ syz_open_procfs(0x0, &(0x7f0000000000)='exe')
 syz_open_procfs(0x0, &(0x7f0000000000)='exe\x00')
 syz_open_procfs(0x0, &(0x7f0000000000)='/exe')
 syz_open_procfs(0x0, &(0x7f0000000000)='./exe\x00')
-`,
-			`
+`, `
 syz_open_procfs(0x0, &(0x7f0000000000)='io')
 syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
 syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
 syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
 syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
-			`,
+`,
 		},
 
 		{
@@ -163,7 +160,11 @@ syz_open_dev$tty1(0xc, 0x4, 0x5)
 syz_open_dev$tty1(0xc, 0x4, 0x4)
 syz_open_dev$tty1(0xc, 0x4, 0x4)
 syz_open_dev$tty1(0xc, 0x4, 0x1)
-			`,
+`,
+		},
+		{
+			`ioctl$TIOCSSERIAL(0x0, 0x541f, 0x0)`,
+			`ioctl$TIOCSSERIAL(0x0, 0x541e, 0x0)`,
 		},
 	}
 	for i, test := range tests {