Package: shadow / 1:4.2-3+deb8u4

303-Reset-pid_child-only-if-waitpid-was-successful.patch
From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 14 May 2017 17:58:10 +0200
Subject: [PATCH] Reset pid_child only if waitpid was successful.

Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.

This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.

Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 src/su.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/su.c
+++ b/src/su.c
@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
 				/* wake child when resumed */
 				kill (pid, SIGCONT);
 				stop = false;
-			} else {
+			} else if (   (pid_t)-1 != pid) {
 				pid_child = 0;
 			}
 		} while (!stop);
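
Review bot: The new condition `else if (   (pid_t)-1 != pid)` treats every waitpid failure the same way, so pid_child stays set whether the call was interrupted by a signal or failed for another reason such as ECHILD. Nothing in the visible lines examines errno. If only the interrupted case is meant to keep pid_child valid for later signal propagation, test errno for EINTR here; otherwise add a short comment above the condition stating that -1 means the child was not reaped and that pid_child must therefore be preserved. The padding after the opening parenthesis is also worth normalising unless it matches alignment used elsewhere in su.c.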