On 01/19/2015 12:57 PM, Howard Chu wrote:
> Peter Hurley wrote:
>> Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
>> allows a process which has opened a pty master to send _any_ signal
>> to the process group of the pty slave. Although potentially
>> exploitable by a malicious program running a setuid program on
>> a pty slave, it's unknown if this exploit currently exists.
>>
>> Limit to signals actually used.
>>
>> Cc: Theodore Ts'o <tytso@xxxxxxx>
>> Cc: Howard Chu <hyc@xxxxxxxxx>
>> Cc: One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx>
>> Cc: Jiri Slaby <jslaby@xxxxxxx>
>> Cc: <stable@xxxxxxxxxxxxxxx> # 2.6.36+
>> Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
>> ---
>> drivers/tty/pty.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
>> index a9d256d..46366f0 100644
>> --- a/drivers/tty/pty.c
>> +++ b/drivers/tty/pty.c
>> @@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
>> {
>> struct pid *pgrp;
>>
>> + if (sig != SIGINT || sig != SIGQUIT || sig != SIGTSTP)
>> + return -EINVAL;
>
> This patch is clearly wrong, should be && not || in the test.
Hahaha, whoops.
>
>> +
>> if (tty->link) {
>> pgrp = tty_get_pgrp(tty->link);
>> if (pgrp)
>>
>
>
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html