fix CVE-2023-24626
This commit is contained in:
hongjinghao
parent
46d582a5cb
commit
8868f7f1b1
43
backport-CVE-2023-24626.patch
Normal file
43
backport-CVE-2023-24626.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From 6df4a48ff6b31bedc2d0216b84dbe66cf9ca5e23 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Naumov <alexander_naumov@opensuse.org>
|
||||||
|
Date: Wed, 1 Feb 2023 13:47:57 +0200
|
||||||
|
Subject: [PATCH] Missing signal sending permission check on failed query
|
||||||
|
messages
|
||||||
|
|
||||||
|
When run as setuid root, one can send a query message to the
|
||||||
|
privileged screen process via its unix socket in order to force
|
||||||
|
it to send SIGHUP to a PID that can be freely specified in the
|
||||||
|
query packet.
|
||||||
|
Processes that do not explicitly handle SIGHUP will simply terminate
|
||||||
|
|
||||||
|
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
|
||||||
|
---
|
||||||
|
socket.c | 9 +++++++--
|
||||||
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/socket.c b/socket.c
|
||||||
|
index bb68b35..0a575cf 100644
|
||||||
|
--- a/socket.c
|
||||||
|
+++ b/socket.c
|
||||||
|
@@ -1285,11 +1285,16 @@ ReceiveMsg()
|
||||||
|
else
|
||||||
|
queryflag = -1;
|
||||||
|
|
||||||
|
- Kill(m.m.command.apid,
|
||||||
|
+ if (CheckPid(m.m.command.apid)) {
|
||||||
|
+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ Kill(m.m.command.apid,
|
||||||
|
(queryflag >= 0)
|
||||||
|
? SIGCONT
|
||||||
|
: SIG_BYE); /* Send SIG_BYE if an error happened */
|
||||||
|
- queryflag = -1;
|
||||||
|
+ queryflag = -1;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case MSG_COMMAND:
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Name: screen
|
Name: screen
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 4.9.0
|
Version: 4.9.0
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: A full-screen window manager
|
Summary: A full-screen window manager
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: http://www.gnu.org/software/screen
|
URL: http://www.gnu.org/software/screen
|
||||||
@ -13,6 +13,8 @@ Patch2: screen-E3.patch
|
|||||||
Patch3: screen-4.3.1-suppress_remap.patch
|
Patch3: screen-4.3.1-suppress_remap.patch
|
||||||
Patch4: screen-4.3.1-crypt.patch
|
Patch4: screen-4.3.1-crypt.patch
|
||||||
|
|
||||||
|
Patch6001: backport-CVE-2023-24626.patch
|
||||||
|
|
||||||
BuildRequires: automake autoconf gcc ncurses-devel texinfo
|
BuildRequires: automake autoconf gcc ncurses-devel texinfo
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
Requires: shadow-utils
|
Requires: shadow-utils
|
||||||
@ -97,6 +99,9 @@ fi
|
|||||||
%{_infodir}/screen.info*
|
%{_infodir}/screen.info*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 19 2023 hongjinghao <hongjinghao@huawei.com> - 1:4.9.0-2
|
||||||
|
- fix CVE-2023-24626
|
||||||
|
|
||||||
* Fri Oct 21 2022 hongjinghao <hongjinghao@huawei.com> - 1:4.9.0-1
|
* Fri Oct 21 2022 hongjinghao <hongjinghao@huawei.com> - 1:4.9.0-1
|
||||||
- update to 4.9.0
|
- update to 4.9.0
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user