thumbnailer: fix incomplete TIOCSTI filtering

Fixes #112 See also: https://github.com/flatpak/flatpak/issues/2782
author: Michael Catanzaro <mcatanzaro@igalia.com> 2019-04-13 13:57:36 -0500
committer: Michael Catanzaro <mcatanzaro@igalia.com> 2019-04-13 13:59:49 -0500
commit: e3dca7d49bf179f98ac114cad9f4d4889f75d90c (patch)
tree: eb41c70835927c49b64d524c245870baa6ed6b28 /libgnome-desktop/gnome-desktop-thumbnail-script.c
parent: 74f8064291a492f05aaf47dd49d20bb7d89fc0df (diff)
download: gnome-desktop-e3dca7d49bf179f98ac114cad9f4d4889f75d90c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index 0331cb3c..8e8b8765 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray  *argv_array,
     {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
 
     /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
-    {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
+    {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
   };
 
   struct
author	Michael Catanzaro <mcatanzaro@igalia.com>	2019-04-13 13:57:36 -0500
committer	Michael Catanzaro <mcatanzaro@igalia.com>	2019-04-13 13:59:49 -0500
commit	e3dca7d49bf179f98ac114cad9f4d4889f75d90c (patch)
tree	eb41c70835927c49b64d524c245870baa6ed6b28 /libgnome-desktop/gnome-desktop-thumbnail-script.c
parent	74f8064291a492f05aaf47dd49d20bb7d89fc0df (diff)
download	gnome-desktop-e3dca7d49bf179f98ac114cad9f4d4889f75d90c.tar.gz