run: Only compare the lowest 32 ioctl arg bits for TIOCSTI

Closes #2782. Closes: #2783 Approved by: alexlarsson (cherry picked from commit a9107fe)
flatpak · Mar 26, 2019 · 8e0aaf4 · 8e0aaf4
1 parent 43fc48e
commit 8e0aaf4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
@@ -2394,7 +2394,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
     {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
 
     /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
-    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
   };
 
   struct