aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHugh Dickins <hugh@veritas.com>2009-03-28 19:16:03 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-03-28 20:30:00 -0400
commit53e9309e01277ec99c38e84e0ca16921287cf470 (patch)
treebc70d617e1898e5b0fdf161edafa1808ae8fa529
parent07d43ba98621f08e252a48c96b258b4d572b0257 (diff)
compat_do_execve should unshare_files
2.6.26's commit fd8328be874f4190a811c58cd4778ec2c74d2c05 "sanitize handling of shared descriptor tables in failing execve()" moved the unshare_files() from flush_old_exec() and several binfmts to the head of do_execve(); but forgot to make the same change to compat_do_execve(), leaving a CLONE_FILES files_struct shared across exec from a 32-bit process on a 64-bit kernel. It's arguable whether the files_struct really ought to be unshared across exec; but 2.6.1 made that so to stop the loading binary's fd leaking into other threads, and a 32-bit process on a 64-bit kernel ought to behave in the same way as 32 on 32 and 64 on 64. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/compat.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/fs/compat.c b/fs/compat.c
index 5e374aad33f7..b543363dd625 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1420,12 +1420,17 @@ int compat_do_execve(char * filename,
1420{ 1420{
1421 struct linux_binprm *bprm; 1421 struct linux_binprm *bprm;
1422 struct file *file; 1422 struct file *file;
1423 struct files_struct *displaced;
1423 int retval; 1424 int retval;
1424 1425
1426 retval = unshare_files(&displaced);
1427 if (retval)
1428 goto out_ret;
1429
1425 retval = -ENOMEM; 1430 retval = -ENOMEM;
1426 bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); 1431 bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
1427 if (!bprm) 1432 if (!bprm)
1428 goto out_ret; 1433 goto out_files;
1429 1434
1430 retval = mutex_lock_interruptible(&current->cred_exec_mutex); 1435 retval = mutex_lock_interruptible(&current->cred_exec_mutex);
1431 if (retval < 0) 1436 if (retval < 0)
@@ -1487,6 +1492,8 @@ int compat_do_execve(char * filename,
1487 mutex_unlock(&current->cred_exec_mutex); 1492 mutex_unlock(&current->cred_exec_mutex);
1488 acct_update_integrals(current); 1493 acct_update_integrals(current);
1489 free_bprm(bprm); 1494 free_bprm(bprm);
1495 if (displaced)
1496 put_files_struct(displaced);
1490 return retval; 1497 return retval;
1491 1498
1492out: 1499out:
@@ -1506,6 +1513,9 @@ out_unlock:
1506out_free: 1513out_free:
1507 free_bprm(bprm); 1514 free_bprm(bprm);
1508 1515
1516out_files:
1517 if (displaced)
1518 reset_files_struct(displaced);
1509out_ret: 1519out_ret:
1510 return retval; 1520 return retval;
1511} 1521}