| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 May 2007 22:44:35 +0400 From: Oleg Nesterov <oleg@...sign.ru> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Satoru Takeuchi <takeuchi_satoru@...fujitsu.com>, Roland McGrath <roland@...hat.com>, linux-kernel@...r.kernel.org Subject: [PATCH] tty: fix leakage of -ERESTARTSYS to userland Spotted by Satoru Takeuchi. kill_pgrp(task_pgrp(current)) sends the signal to the current's thread group, but can choose any sub-thread as a target for signal_wake_up(). This means that job_control() and tty_check_change() may return -ERESTARTSYS without signal_pending(). Signed-off-by: Oleg Nesterov <oleg@...sign.ru> --- t/drivers/char/n_tty.c~ 2007-04-05 12:18:26.000000000 +0400 +++ t/drivers/char/n_tty.c 2007-05-28 10:57:58.000000000 +0400 @@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct is_current_pgrp_orphaned()) return -EIO; kill_pgrp(task_pgrp(current), SIGTTIN, 1); + set_thread_flag(TIF_SIGPENDING); return -ERESTARTSYS; } } --- t/drivers/char/tty_io.c~ 2007-04-05 12:18:26.000000000 +0400 +++ t/drivers/char/tty_io.c 2007-05-29 22:15:52.000000000 +0400 @@ -1121,7 +1121,8 @@ int tty_check_change(struct tty_struct * return 0; if (is_current_pgrp_orphaned()) return -EIO; - (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1); + kill_pgrp(task_pgrp(current), SIGTTOU, 1); + set_thread_flag(TIF_SIGPENDING); return -ERESTARTSYS; } - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists