mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
tty: Prevent untrappable signals from malicious program
commit 37480a05685ed5b8e1b9bf5e5c53b5810258b149 upstream.
Commit 26df6d1340 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.
Limit to signals actually used.
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Howard Chu <hyc@symas.com>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zefan Li <lizefan@huawei.com>
This commit is contained in:
Peter Hurley
Zefan Li
parent
68e9176bf7
commit
39343b5973
1 changed files with 3 additions and 0 deletions
|
|
@ -173,6 +173,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
|
|||
unsigned long flags;
|
||||
struct pid *pgrp;
|
||||
|
||||
if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
|
||||
return -EINVAL;
|
||||
|
||||
if (tty->link) {
|
||||
spin_lock_irqsave(&tty->link->ctrl_lock, flags);
|
||||
pgrp = get_pid(tty->link->pgrp);
|
||||
|
|
|
|||
Loading…
Reference in a new issue