authorAlexander Naumov <alexander_naumov@opensuse.org>2023-02-01 13:47:57 +0200
committerAlexander Naumov <alexander_naumov@opensuse.org>2023-02-01 13:47:57 +0200
commit6df4a48ff6b31bedc2d0216b84dbe66cf9ca5e23 (patch)
tree07426a8352dbdda5c1b7ce263e4458b36566a993
parentf0f64c4189a3d6b564282600a6432ce87abbec25 (diff)
downloadscreen-6df4a48ff6b31bedc2d0216b84dbe66cf9ca5e23.tar.gz
Missing signal sending permission check on failed query messagesHEADmaster
When screen is run as setuid root, one can send a query message to the privileged screen process via its unix socket in order to force it to send SIGHUP to a PID that can be freely specified in the query packet. Processes that do not explicitly handle SIGHUP will simply terminate.

Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
-rw-r--r--src/socket.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/socket.c b/src/socket.c
index 7ba231a..78efc97 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -865,9 +865,13 @@ void ReceiveMsg(void)
close(s);
} else
queryflag = -1;
-
- Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */
- queryflag = -1;
+ if (CheckPid(m.m.command.apid)) {
+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+ }
+ else {
+ Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */
+ queryflag = -1;
+ }
}
break;
case MSG_COMMAND:
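Review bot: In the bad-pid branch `queryflag` is no longer reset, because `queryflag = -1;` moved into the `else` together with `Kill()`, whereas before this change it ran unconditionally. On the path where the context line `close(s);` has already run, `queryflag` is presumably still non-negative and now stays that way after the rejection, so the `Msg()` call in that branch and any later code that tests `queryflag >= 0` may act on a descriptor that is already closed. Keep only the `Kill()` call under the permission check and place `queryflag = -1;` after the `if`/`else` so both outcomes clear it. The enclosing `case` block begins above the hunk, so how `queryflag` is assigned on success is not visible here and should be confirmed against the full function.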