Skip to content

Commit

Permalink
run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
Browse files Browse the repository at this point in the history 
Closes #2782.

Closes: #2783
Approved by: alexlarsson
  • Loading branch information
@refi64 @rh-atomic-bot
refi64 authored and rh-atomic-bot committed Mar 26, 2019
1 parent e8e8611 commit a9107fe
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion common/flatpak-run.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2475,7 +2475,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},

/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
{SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
{SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
};

struct
Expand Down

0 comments on commit a9107fe

Please sign in to comment.