[gnome-desktop/gnome-3-32] thumbnailer: fix incomplete TIOCSTI filtering
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-desktop/gnome-3-32] thumbnailer: fix incomplete TIOCSTI filtering
- Date: Sat, 13 Apr 2019 19:01:36 +0000 (UTC)
commit a5475e97c30682c0867bd99b78e7fe600129871a
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Sat Apr 13 13:57:36 2019 -0500
thumbnailer: fix incomplete TIOCSTI filtering
Fixes #112
See also: https://github.com/flatpak/flatpak/issues/2782
libgnome-desktop/gnome-desktop-thumbnail-script.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index 0331cb3c..8e8b8765 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
};
struct
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]