On 01/19/2015, 06:49 PM, Peter Hurley wrote:
> Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
> allows a process which has opened a pty master to send _any_ signal
> to the process group of the pty slave. Although potentially
> exploitable by a malicious program running a setuid program on
> a pty slave, it's unknown if this exploit currently exists.
>
> Limit to signals actually used.
>
> Cc: Theodore Ts'o <tytso@xxxxxxx>
> Cc: Howard Chu <hyc@xxxxxxxxx>
> Cc: One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx>
> Cc: Jiri Slaby <jslaby@xxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx> # 2.6.36+
> Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
> ---
> drivers/tty/pty.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
> index a9d256d..46366f0 100644
> --- a/drivers/tty/pty.c
> +++ b/drivers/tty/pty.c
> @@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
> {
> struct pid *pgrp;
>
> + if (sig != SIGINT || sig != SIGQUIT || sig != SIGTSTP)
> + return -EINVAL;

s/||/\&\&/ :)

--
js
suse labs
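
Review bot: The added check at the top of pty_signal() joins its three inequalities with ||, so the condition is true for every value of sig (no signal equals SIGINT, SIGQUIT and SIGTSTP at once) and the function returns -EINVAL for all signals, including the three the commit message means to keep. Join the tests with && instead, `if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)`, so that only signals outside that set are rejected. Because the patch is tagged for stable (2.6.36+), it is worth confirming before it is applied that each of the three allowed signals still reaches the slave's process group and that any other signal gets -EINVAL.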