1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From 83949ed5800ec99953f5ee8d2bf8b90a69daa850 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sat, 13 Apr 2019 13:57:36 -0500
Subject: [PATCH] thumbnailer: fix incomplete TIOCSTI filtering
Fixes #112
See also: https://github.com/flatpak/flatpak/issues/2782
---
libgnome-desktop/gnome-desktop-thumbnail-script.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
leio: Adjusted to apply to nautilus copy
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index 9468b51c..3b3d1ea9 100644
--- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
};
struct
--
2.20.1
|