Skip to content
Permalink
Browse files

run: Only compare the lowest 32 ioctl arg bits for TIOCSTI

Closes flatpak#2782.
  • Loading branch information...
refi64 committed Mar 25, 2019
1 parent e8e8611 commit 6263a43397123c50110943d50efc2f8c55651198
Showing with 1 addition and 1 deletion.
  1. +1 −1 common/flatpak-run.c
@@ -2475,7 +2475,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},

/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
{SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
{SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
};

struct

0 comments on commit 6263a43

Please sign in to comment.
You can’t perform that action at this time.