Message ID | 1702628933-6070-1-git-send-email-quic_zijuhu@quicinc.com |
---|---|
State | New |
Headers | show |
Series | [v1] tty: Fix a security issue related to tty-ldisc module loading | expand |
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index 3f68e213df1f..b490c0adf00f 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -150,7 +150,7 @@ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc) */ ldops = get_ldops(disc); if (IS_ERR(ldops)) { - if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload) + if (!capable(CAP_SYS_MODULE) || !tty_ldisc_autoload) return ERR_PTR(-EPERM); request_module("tty-ldisc-%d", disc); ldops = get_ldops(disc);
Function tty_ldisc_get() has a simple logical error and may cause tty-ldisc module to be loaded by a user without CAP_SYS_MODULE, this security issue is fixed by correcting the logical error. Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com> --- drivers/tty/tty_ldisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)