| commit | 6df4a48ff6b31bedc2d0216b84dbe66cf9ca5e23 | |
| author | Alexander Naumov <alexander_naumov@opensuse.org> | |
| Wed, 1 Feb 2023 11:47:57 +0000 (1 13:47 +0200) | ||
| committer | Alexander Naumov <alexander_naumov@opensuse.org> | |
| Wed, 1 Feb 2023 11:47:57 +0000 (1 13:47 +0200) | ||
| tree | 07426a8352dbdda5c1b7ce263e4458b36566a993 | treesnapshot (tar.gz zip) |
| parent | f0f64c4189a3d6b564282600a6432ce87abbec25 | commitdiff |
Missing signal sending permission check on failed query messages
When run as setuid root, one can send a query message to the
privileged screen process via its unix socket in order to force
it to send SIGHUP to a PID that can be freely specified in the
query packet.
Processes that do not explicitly handle SIGHUP will simply terminate.
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
When run as setuid root, one can send a query message to the
privileged screen process via its unix socket in order to force
it to send SIGHUP to a PID that can be freely specified in the
query packet.
Processes that do not explicitly handle SIGHUP will simply terminate.
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
| src/socket.c | diffblobblamehistory |