Missing signal sending permission check on failed query messages

When run as setuid root, one can send a query message to the
privileged screen process via its unix socket in order to force
it to send SIGHUP to a PID that can be freely specified in the
query packet.
Processes that do not explicitly handle SIGHUP will simply terminate.

Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
This commit is contained in:
Alexander Naumov
2023-02-01 13:47:57 +02:00
parent f0f64c4189
commit 6df4a48ff6

@@ -865,9 +865,13 @@ void ReceiveMsg(void)
close(s);
} else
queryflag = -1;
Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */
queryflag = -1;
if (CheckPid(m.m.command.apid)) {
Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
}
else {
Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */
queryflag = -1;
}
}
break;
case MSG_COMMAND:
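Review bot: the CheckPid() guard only gates the final Kill(); by the time it runs, the query itself has already been processed (the `close(s); } else queryflag = -1;` branch above is the tail of that processing), so a forged `m.m.command.apid` still drives the query path and only loses the signal. Consider validating `m.m.command.apid` at the start of the MSG_QUERY handling and bailing out early, so the check is a single entry point rather than a fix-up at the end. Two smaller points: the new `}` / `else {` split onto separate lines differs from the cuddled `} else` used two lines earlier in the same function, and `"Query attempt with bad pid(%d)!"` would read better as `"Query attempt with bad pid (%d)!"`. The behaviour assumed here, that CheckPid() returns nonzero when the real user is not allowed to signal the pid, is not visible in the hunk and is worth stating in a comment next to the call.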