Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.Limit to signals actually used. Cc: Theodore Ts'o <[email protected]> Cc: Howard Chu <[email protected]> Cc: One Thousand Gnomes <[email protected]> Cc: Jiri Slaby <[email protected]> Cc: <[email protected]> # 2.6.36+ Signed-off-by: Peter Hurley <[email protected]> --- v2: Fixed stupidity. drivers/tty/pty.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c index a9d256d..6e1f150 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c @@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig) { struct pid *pgrp; + if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP) + return -EINVAL; + if (tty->link) { pgrp = tty_get_pgrp(tty->link); if (pgrp) -- 2.2.2 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
