This is a note to let you know that I've just added the patch titled
tty: Prevent untrappable signals from malicious program
to my tty git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git
in the tty-testing branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will be merged to the tty-next branch sometime soon,
after it passes testing, and the merge window is open.
If you have any questions about this process, please let me know.
>From 3c55bfdf9daa46358e0253468c5766060fece935 Mon Sep 17 00:00:00 2001
From: Peter Hurley <[email protected]>
Date: Mon, 19 Jan 2015 13:05:03 -0500
Subject: tty: Prevent untrappable signals from malicious program
Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.
Limit to signals actually used.
Cc: Theodore Ts'o <[email protected]>
Cc: Howard Chu <[email protected]>
Cc: One Thousand Gnomes <[email protected]>
Cc: Jiri Slaby <[email protected]>
Cc: <[email protected]> # 2.6.36+
Signed-off-by: Peter Hurley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/tty/pty.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
index a9d256d6e909..6e1f1505f04e 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -210,6 +210,9 @@ static int pty_signal(struct tty_struct *tty, int sig)
{
struct pid *pgrp;
+ if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
+ return -EINVAL;
+
if (tty->link) {
pgrp = tty_get_pgrp(tty->link);
if (pgrp)
--
2.2.2
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
