From fc607a6c1b3743cf1b64ed341cc88494dfb39576 Mon Sep 17 00:00:00 2001
From: tg <tg@mirbsd.org>
Date: Fri, 11 Apr 2008 19:55:24 +0000
Subject: [PATCH] =?UTF-8?q?SECURITY=20fix:=20when=20spawning=20mksh=20on?=
 =?UTF-8?q?=20a=20new=20terminal=20(tty,=20not=20/dev/null),=20flush=20all?=
 =?UTF-8?q?=20of=20its=20I/O=20first=20=E2=80=93=20someone=20could=20have?=
 =?UTF-8?q?=20written=20on=20it=20beforehand?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 check.t |  4 ++--
 misc.c  | 14 +++++++++-----
 sh.h    |  4 ++--
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/check.t b/check.t
index 6fc98a5..323f156 100644
--- a/check.t
+++ b/check.t
@@ -1,4 +1,4 @@
-# $MirOS: src/bin/mksh/check.t,v 1.173 2008/04/02 17:09:45 tg Exp $
+# $MirOS: src/bin/mksh/check.t,v 1.174 2008/04/11 19:55:23 tg Exp $
 # $OpenBSD: bksl-nl.t,v 1.2 2001/01/28 23:04:56 niklas Exp $
 # $OpenBSD: history.t,v 1.5 2001/01/28 23:04:56 niklas Exp $
 # $OpenBSD: read.t,v 1.3 2003/03/10 03:48:16 david Exp $
@@ -7,7 +7,7 @@
 # http://www.research.att.com/~gsf/public/ifs.sh
 
 expected-stdout:
-	@(#)MIRBSD KSH R33 2008/04/01
+	@(#)MIRBSD KSH R33 2008/04/11
 description:
 	Check version of shell.
 category: pdksh
diff --git a/misc.c b/misc.c
index daaad68..80e0de8 100644
--- a/misc.c
+++ b/misc.c
@@ -6,7 +6,7 @@
 #include <grp.h>
 #endif
 
-__RCSID("$MirOS: src/bin/mksh/misc.c,v 1.71 2008/04/01 21:50:58 tg Exp $\t"
+__RCSID("$MirOS: src/bin/mksh/misc.c,v 1.72 2008/04/11 19:55:23 tg Exp $\t"
 	MKSH_SH_H_ID);
 
 #undef USE_CHVT
@@ -1370,16 +1370,20 @@ chvt(const char *fn)
 	}
 	switch (fork()) {
 	case -1:
-		errorf("fork failed");
+		errorf("chvt: %s failed", "fork");
 	case 0:
 		break;
 	default:
 		exit(0);
 	}
 	if (setsid() == -1)
-		errorf("chvt: setsid failed");
-	if ((fn != dv + 1) && ioctl(fd, TIOCSCTTY, NULL) == -1)
-		errorf("chvt: TIOCSCTTY failed");
+		errorf("chvt: %s failed", "setsid");
+	if (fn != dv + 1) {
+		if (ioctl(fd, TIOCSCTTY, NULL) == -1)
+			errorf("chvt: %s failed", "TIOCSCTTY");
+		if (tcflush(fd, TCIOFLUSH))
+			errorf("chvt: %s failed", "TCIOFLUSH");
+	}
 	ksh_dup2(fd, 0, false);
 	ksh_dup2(fd, 1, false);
 	ksh_dup2(fd, 2, false);
diff --git a/sh.h b/sh.h
index cb92138..3a90cc6 100644
--- a/sh.h
+++ b/sh.h
@@ -8,8 +8,8 @@
 /*	$OpenBSD: c_test.h,v 1.4 2004/12/20 11:34:26 otto Exp $	*/
 /*	$OpenBSD: tty.h,v 1.5 2004/12/20 11:34:26 otto Exp $	*/
 
-#define MKSH_SH_H_ID "$MirOS: src/bin/mksh/sh.h,v 1.203 2008/04/06 23:27:19 tg Exp $"
-#define MKSH_VERSION "R33 2008/04/01"
+#define MKSH_SH_H_ID "$MirOS: src/bin/mksh/sh.h,v 1.204 2008/04/11 19:55:24 tg Exp $"
+#define MKSH_VERSION "R33 2008/04/11"
 
 #if HAVE_SYS_PARAM_H
 #include <sys/param.h>