packages/flatpak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
flatpak/CVE-2019-10063.patch
Jiayi Yin e013179427 init
2025-03-16 16:10:18 +00:00

27 lines
896 B
Diff
Raw Permalink Blame History

From a9107feeb4b8275b78965b36bf21b92d5724699e Mon Sep 17 00:00:00 2001
From: Ryan Gonzalez <rymg19@gmail.com>
Date: Mon, 25 Mar 2019 13:00:15 -0500
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
Closes #2782.
Closes: #2783
Approved by: alexlarsson
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 42e8bc05c6..b03c215bf2 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2475,7 +2475,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
};
struct
Reference in New Issue View Git Blame Copy Permalink