File _service:tar_scm:backport-CVE-2023-24626.patch of Package screen
From 6df4a48ff6b31bedc2d0216b84dbe66cf9ca5e23 Mon Sep 17 00:00:00 2001 From: Alexander Naumov <alexander_naumov@opensuse.org> Date: Wed, 1 Feb 2023 13:47:57 +0200 Subject: [PATCH] Missing signal sending permission check on failed query messages When run as setuid root, one can send a query message to the privileged screen process via its unix socket in order to force it to send SIGHUP to a PID that can be freely specified in the query packet. Processes that do not explicitly handle SIGHUP will simply terminate Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> --- socket.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/socket.c b/socket.c index bb68b35..0a575cf 100644 --- a/socket.c +++ b/socket.c @@ -1285,11 +1285,16 @@ ReceiveMsg() else queryflag = -1; - Kill(m.m.command.apid, + if (CheckPid(m.m.command.apid)) { + Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); + } + else { + Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */ - queryflag = -1; + queryflag = -1; + } } break; case MSG_COMMAND: -- 2.27.0
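Review bot: In ReceiveMsg(), the new rejection branch taken when CheckPid(m.m.command.apid) is nonzero no longer runs queryflag = -1;, because that reset moved into the else block together with Kill(). Before this change the reset was unconditional, so a rejected query now leaves queryflag at whatever value the preceding lines gave it. Unless that is intended, put queryflag = -1; after the closing brace of the else so both paths reset it. A nonzero return from CheckPid() is the failure case here, which reads inverted against the function name, so a one-line comment saying what it verifies about the pid (the commit message calls it a signal sending permission check, the log text says "bad pid") would help the next reader. The unchanged continuation line "(queryflag >= 0) ? SIGCONT : SIG_BYE);" could also be re-indented to match the new nesting of the Kill() call.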