Use seccomp to filter out TIOCSTI ioctl

This would otherwise let the sandbox add input to the controlling tty.
flatpak · Jan 17, 2017 · 902fb71 · 902fb71
1 parent 455b681
commit 902fb71
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
@@ -26,6 +26,7 @@
 #include <unistd.h>
 #include <sys/utsname.h>
 #include <sys/socket.h>
+#include <sys/ioctl.h>
 #include <grp.h>
 
 #ifdef ENABLE_SECCOMP
@@ -3523,6 +3524,9 @@ setup_seccomp (GPtrArray *argv_array,
  {SCMP_SYS (mount)},
  {SCMP_SYS (pivot_root)},
  {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+
+ /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
  };
 
  struct