Patch "tty: Prevent untrappable signals from malicious program" has been added to the 3.14-stable tree

Sat, 28 Feb 2015 20:03:07 -0800 

This is a note to let you know that I've just added the patch titled

    tty: Prevent untrappable signals from malicious program

to the 3.14-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tty-prevent-untrappable-signals-from-malicious-program.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From 37480a05685ed5b8e1b9bf5e5c53b5810258b149 Mon Sep 17 00:00:00 2001
From: Peter Hurley <[email protected]>
Date: Mon, 19 Jan 2015 13:05:03 -0500
Subject: tty: Prevent untrappable signals from malicious program

From: Peter Hurley <[email protected]>

commit 37480a05685ed5b8e1b9bf5e5c53b5810258b149 upstream.

Commit 26df6d13406d1a5 ("tty: Add EXTPROC support for LINEMODE")
allows a process which has opened a pty master to send _any_ signal
to the process group of the pty slave. Although potentially
exploitable by a malicious program running a setuid program on
a pty slave, it's unknown if this exploit currently exists.

Limit to signals actually used.

Cc: Theodore Ts'o <[email protected]>
Cc: Howard Chu <[email protected]>
Cc: One Thousand Gnomes <[email protected]>
Cc: Jiri Slaby <[email protected]>
Signed-off-by: Peter Hurley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 drivers/tty/pty.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -209,6 +209,9 @@ static int pty_signal(struct tty_struct
        unsigned long flags;
        struct pid *pgrp;
 
+       if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
+               return -EINVAL;
+
        if (tty->link) {
                spin_lock_irqsave(&tty->link->ctrl_lock, flags);
                pgrp = get_pid(tty->link->pgrp);


Patches currently in stable-queue which might be from [email protected] 
are

queue-3.14/tty-prevent-untrappable-signals-from-malicious-program.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to