Blame SOURCES/flatpak-1.0.6-CVE-2019-10063.patch
|
 |
17c0d0 |
From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001
|
|
|
17c0d0 |
From: Ryan Gonzalez <rymg19@gmail.com>
|
|
|
17c0d0 |
Date: Mon, 25 Mar 2019 13:00:15 -0500
|
|
|
17c0d0 |
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
|
|
|
17c0d0 |
|
|
|
17c0d0 |
Closes #2782.
|
|
|
17c0d0 |
|
|
|
17c0d0 |
Closes: #2783
|
|
|
17c0d0 |
Approved by: alexlarsson
|
|
|
17c0d0 |
---
|
|
|
17c0d0 |
common/flatpak-run.c | 2 +-
|
|
|
17c0d0 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
17c0d0 |
|
|
|
17c0d0 |
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
|
|
|
17c0d0 |
index 90b435fe..d1acd9f2 100644
|
|
|
17c0d0 |
--- a/common/flatpak-run.c
|
|
|
17c0d0 |
+++ b/common/flatpak-run.c
|
|
|
17c0d0 |
@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
|
|
|
17c0d0 |
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
|
|
|
17c0d0 |
|
|
|
17c0d0 |
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
|
|
|
17c0d0 |
- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
|
|
|
17c0d0 |
+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
|
|
|
17c0d0 |
};
|
|
|
17c0d0 |
|
|
|
17c0d0 |
struct
|
|
|
17c0d0 |
--
|
|
|
17c0d0 |
2.21.0
|
|
|
17c0d0 |
|