mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-30 08:41:15 +00:00
Kernel: Disallow assigning a TTY to an arbitrary process group ID
It was possible to send signals to processes that you were normally not allowed to send signals to, by calling ioctl(tty, TIOCSPGRP, targetpid) and then generating one of the TTY-related signals on the calling process's TTY (e.g by pressing ^C, ^Z, etc.)
This commit is contained in:
parent
d5fe839166
commit
4e394862ce
Notes:
sideshowbarker
2024-07-19 09:03:05 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/4e394862ced
|
@ -291,10 +291,19 @@ int TTY::ioctl(FileDescription&, unsigned request, unsigned arg)
|
|||
case TIOCGPGRP:
|
||||
return m_pgid;
|
||||
case TIOCSPGRP:
|
||||
// FIXME: Validate pgid fully.
|
||||
pgid = static_cast<pid_t>(arg);
|
||||
if (pgid < 0)
|
||||
if (pgid <= 0)
|
||||
return -EINVAL;
|
||||
{
|
||||
InterruptDisabler disabler;
|
||||
auto* process = Process::from_pid(pgid);
|
||||
if (!process)
|
||||
return -EPERM;
|
||||
if (pgid != process->pgid())
|
||||
return -EPERM;
|
||||
if (Process::current->sid() != process->sid())
|
||||
return -EPERM;
|
||||
}
|
||||
m_pgid = pgid;
|
||||
return 0;
|
||||
case TCGETS:
|
||||
|
|
Loading…
Reference in a new issue