mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-24 10:22:05 -05:00
Code Issues Projects Releases Packages Wiki Activity

Kernel: Disallow assigning a TTY to an arbitrary process group ID

Browse source 
It was possible to send signals to processes that you were normally not
allowed to send signals to, by calling ioctl(tty, TIOCSPGRP, targetpid)
and then generating one of the TTY-related signals on the calling
process's TTY (e.g by pressing ^C, ^Z, etc.)
This commit is contained in:
Andreas Kling 2020-02-26 21:33:14 +01:00
parent d5fe839166
commit 4e394862ce
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
Kernel/TTY/TTY.cpp
View file

@ -291,10 +291,19 @@ int TTY::ioctl(FileDescription&, unsigned request, unsigned arg)
case TIOCGPGRP:
return m_pgid;
case TIOCSPGRP:
// FIXME: Validate pgid fully.
pgid = static_cast<pid_t>(arg);
if (pgid < 0)
if (pgid <= 0)
return -EINVAL;
{
InterruptDisabler disabler;
auto* process = Process::from_pid(pgid);
if (!process)
return -EPERM;
if (pgid != process->pgid())
return -EPERM;
if (Process::current->sid() != process->sid())
return -EPERM;
}
m_pgid = pgid;
return 0;
case TCGETS: