[PATCH] Require mmap handler for a.out executables

Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable of meeting the validity checks in ELF load_elf_*() handling because they have no mmap handler which is required by ELF. In order to stop a.out executables being used as part of an exploit attack against /proc-related vulnerabilities, we make a.out executables depend on ->mmap() existing. Signed-off-by: Eugene Teo <eteo@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Eugene Teo <eteo@redhat.com> 2006-09-29 04:59:33 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-09-29 12:18:08 -0400
commit: 8454aeef6fea944ced757ff8e761b59eb3ee960f (patch)
tree: 235e366e3744cdf76381d9e8a709d7564dde94e0
parent: 563d075702454f6fa745ff8b0db605c73478078e (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index f312103434d4..517e111bb7ef 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
                return -ENOEXEC;
        }
+        /*
+         * Requires a mmap handler. This prevents people from using a.out
+         * as part of an exploit attack against /proc-related vulnerabilities.
+         */
+        if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+                return -ENOEXEC;
        fd_offset = N_TXTOFF(ex);
        /* Check initial limits. This avoids letting people circumvent
@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
                goto out;
        }
+        /*
+         * Requires a mmap handler. This prevents people from using a.out
+         * as part of an exploit attack against /proc-related vulnerabilities.
+         */
+        if (!file->f_op || !file->f_op->mmap)
+                goto out;
        if (N_FLAGS(ex))
                goto out;
author	Eugene Teo <eteo@redhat.com>	2006-09-29 04:59:33 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-09-29 12:18:08 -0400
commit	8454aeef6fea944ced757ff8e761b59eb3ee960f (patch)
tree	235e366e3744cdf76381d9e8a709d7564dde94e0
parent	563d075702454f6fa745ff8b0db605c73478078e (diff)

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index f312103434d4..517e111bb7ef 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c
@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
278	return -ENOEXEC;	278	return -ENOEXEC;
279	}	279	}
280		280
		281	/*
		282	* Requires a mmap handler. This prevents people from using a.out
		283	* as part of an exploit attack against /proc-related vulnerabilities.
		284	*/
		285	if (!bprm->file->f_op \|\| !bprm->file->f_op->mmap)
		286	return -ENOEXEC;
		287
281	fd_offset = N_TXTOFF(ex);	288	fd_offset = N_TXTOFF(ex);
282		289
283	/* Check initial limits. This avoids letting people circumvent	290	/* Check initial limits. This avoids letting people circumvent
@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
476	goto out;	483	goto out;
477	}	484	}
478		485
		486	/*
		487	* Requires a mmap handler. This prevents people from using a.out
		488	* as part of an exploit attack against /proc-related vulnerabilities.
		489	*/
		490	if (!file->f_op \|\| !file->f_op->mmap)
		491	goto out;
		492
479	if (N_FLAGS(ex))	493	if (N_FLAGS(ex))
480	goto out;	494	goto out;
481		495