Blame SOURCES/flatpak-1.0.2-CVE-2019-10063.patch
|
 |
b14014 |
From 9686b3007afb15162cb2b5ca3219d906cc849a60 Mon Sep 17 00:00:00 2001
|
|
|
b14014 |
From: Ryan Gonzalez <rymg19@gmail.com>
|
|
|
b14014 |
Date: Mon, 25 Mar 2019 13:00:15 -0500
|
|
|
b14014 |
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
|
|
|
b14014 |
|
|
|
b14014 |
Closes #2782.
|
|
|
b14014 |
|
|
|
b14014 |
Closes: #2783
|
|
|
b14014 |
Approved by: alexlarsson
|
|
|
b14014 |
---
|
|
|
b14014 |
common/flatpak-run.c | 2 +-
|
|
|
b14014 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
b14014 |
|
|
|
b14014 |
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
|
|
|
b14014 |
index b4f2c475..0e6b3141 100644
|
|
|
b14014 |
--- a/common/flatpak-run.c
|
|
|
b14014 |
+++ b/common/flatpak-run.c
|
|
|
b14014 |
@@ -2122,7 +2122,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
|
|
|
b14014 |
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
|
|
|
b14014 |
|
|
|
b14014 |
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
|
|
|
b14014 |
- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
|
|
|
b14014 |
+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
|
|
|
b14014 |
};
|
|
|
b14014 |
|
|
|
b14014 |
struct
|
|
|
b14014 |
--
|
|
|
b14014 |
2.21.0
|
|
|
b14014 |
|