On 01/19/2015 12:57 PM, Howard Chu wrote: > Peter Hurley wrote: >> Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE") >> allows a process which has opened a pty master to send _any_ signal >> to the process group of the pty slave. Although potentially >> exploitable by a malicious program running a setuid program on >> a pty slave, it's unknown if this exploit currently exists. >> >> Limit to signals actually used. >> >> Cc: Theodore Ts'o <tytso@xxxxxxx> >> Cc: Howard Chu <hyc@xxxxxxxxx> >> Cc: One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx> >> Cc: Jiri Slaby <jslaby@xxxxxxx> >> Cc: <stable@xxxxxxxxxxxxxxx> # 2.6.36+ >> Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx> >> --- >> drivers/tty/pty.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c >> index a9d256d..46366f0 100644 >> --- a/drivers/tty/pty.c >> +++ b/drivers/tty/pty.c >> @@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig) >> { >> struct pid *pgrp; >> >> + if (sig != SIGINT || sig != SIGQUIT || sig != SIGTSTP) >> + return -EINVAL; > > This patch is clearly wrong, should be && not || in the test. Hahaha, whoops. > >> + >> if (tty->link) { >> pgrp = tty_get_pgrp(tty->link); >> if (pgrp) >> > > -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html