[PATCH v2] tty: Prevent untrappable signals from malicious program

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.

Limit to signals actually used.

Cc: Theodore Ts'o <tytso@xxxxxxx>
Cc: Howard Chu <hyc@xxxxxxxxx>
Cc: One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx>
Cc: Jiri Slaby <jslaby@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # 2.6.36+
Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
---

v2: Fixed stupidity.

 drivers/tty/pty.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
index a9d256d..6e1f150 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
 {
 	struct pid *pgrp;
 
+	if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
+		return -EINVAL;
+
 	if (tty->link) {
 		pgrp = tty_get_pgrp(tty->link);
 		if (pgrp)
-- 
2.2.2

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]