This is a note to let you know that I've just added the patch titled
tty: Prevent untrappable signals from malicious program
to my tty git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git
in the tty-next branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will also be merged in the next major kernel release
during the merge window.
If you have any questions about this process, please let me know.
>From 37480a05685ed5b8e1b9bf5e5c53b5810258b149 Mon Sep 17 00:00:00 2001
From: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
Date: Mon, 19 Jan 2015 13:05:03 -0500
Subject: tty: Prevent untrappable signals from malicious program
Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.
Limit to signals actually used.
Cc: Theodore Ts'o <tytso@xxxxxxx>
Cc: Howard Chu <hyc@xxxxxxxxx>
Cc: One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx>
Cc: Jiri Slaby <jslaby@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # 2.6.36+
Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/tty/pty.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
index a9d256d6e909..6e1f1505f04e 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
{
struct pid *pgrp;
+ if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
+ return -EINVAL;
+
if (tty->link) {
pgrp = tty_get_pgrp(tty->link);
if (pgrp)
--
2.2.2
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html