diff options
author | Eugene Teo <eteo@redhat.com> | 2006-09-29 04:59:33 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-29 12:18:08 -0400 |
commit | 8454aeef6fea944ced757ff8e761b59eb3ee960f (patch) | |
tree | 235e366e3744cdf76381d9e8a709d7564dde94e0 | |
parent | 563d075702454f6fa745ff8b0db605c73478078e (diff) |
[PATCH] Require mmap handler for a.out executables
Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable of
meeting the validity checks in ELF load_elf_*() handling because they have
no mmap handler which is required by ELF. In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.
Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/binfmt_aout.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index f312103434d4..517e111bb7ef 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c | |||
@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
278 | return -ENOEXEC; | 278 | return -ENOEXEC; |
279 | } | 279 | } |
280 | 280 | ||
281 | /* | ||
282 | * Requires a mmap handler. This prevents people from using a.out | ||
283 | * as part of an exploit attack against /proc-related vulnerabilities. | ||
284 | */ | ||
285 | if (!bprm->file->f_op || !bprm->file->f_op->mmap) | ||
286 | return -ENOEXEC; | ||
287 | |||
281 | fd_offset = N_TXTOFF(ex); | 288 | fd_offset = N_TXTOFF(ex); |
282 | 289 | ||
283 | /* Check initial limits. This avoids letting people circumvent | 290 | /* Check initial limits. This avoids letting people circumvent |
@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file) | |||
476 | goto out; | 483 | goto out; |
477 | } | 484 | } |
478 | 485 | ||
486 | /* | ||
487 | * Requires a mmap handler. This prevents people from using a.out | ||
488 | * as part of an exploit attack against /proc-related vulnerabilities. | ||
489 | */ | ||
490 | if (!file->f_op || !file->f_op->mmap) | ||
491 | goto out; | ||
492 | |||
479 | if (N_FLAGS(ex)) | 493 | if (N_FLAGS(ex)) |
480 | goto out; | 494 | goto out; |
481 | 495 | ||