Fix CVE-2017-2616:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
http://seclists.org/oss-sec/2017/q1/474
Patch copied from upstream source repository:
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891
From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Wed, 1 Feb 2017 11:58:09 +0100
Subject: [PATCH] su: properly clear child PID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported-by: Tobias Stöckmann
Signed-off-by: Karel Zak
---
 login-utils/su-common.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 0ea4e40bd..b1720f037 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -376,6 +376,9 @@ create_watching_parent (void)
 }
 else
 status = WEXITSTATUS (status);
+
+ /* child is gone, don't use the PID anymore */
+ child = (pid_t) -1;
 }
 else if (caught_signal)
 status = caught_signal + 128;
@@ -385,7 +388,7 @@ create_watching_parent (void)
 else
 status = 1;
- if (caught_signal)
+ if (caught_signal && child != (pid_t)-1)
 {
 fprintf (stderr, _("\nSession terminated, killing shell..."));
 kill (child, SIGTERM);
@@ -395,9 +398,12 @@ create_watching_parent (void)
 if (caught_signal)
 {
- sleep (2);
- kill (child, SIGKILL);
- fprintf (stderr, _(" ...killed.\n"));
+ if (child != (pid_t)-1)
+ {
+ sleep (2);
+ kill (child, SIGKILL);
+ fprintf (stderr, _(" ...killed.\n"));
+ }
 /* Let's terminate itself with the received signal.
 *
--
2.11.1
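Review bot: The comment added in the first hunk, above `child = (pid_t) -1;`, tells the reader not to use the PID but not why, and the why is the whole security point of the patch. Once the child has been waited for, its PID can be handed to an unrelated process, so a later `kill (child, ...)` from this parent would signal the wrong target. I would spell that out, e.g. `/* child has been reaped: its PID may be recycled, so never signal it again */`. The wait handling that encloses this branch starts outside the hunk, so it is worth confirming that no other path returns from the wait with a stale `child`.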
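Review bot: Using -1 as the "no child" sentinel makes the two `child != (pid_t)-1` guards in the second and third hunks load-bearing, because `kill (-1, sig)` addresses every process the caller is allowed to signal. Both guards look correct as written, but a future `kill (child, ...)` added without the check would be worse than the bug being fixed. I would add a comment at each guard, such as `/* child == -1: already reaped; kill(-1, ...) would signal every process */`, or route both calls through one small static helper that tests the sentinel. Minor style point: the first hunk writes `(pid_t) -1` while these two write `(pid_t)-1`. The body of `create_watching_parent` continues outside all three hunks.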