[PATCH] Require mmap handler for a.out executables

Files supported by fs/proc/base.c, i.e.  /proc/<pid>/*, are not capable of
meeting the validity checks in ELF load_elf_*() handling because they have
no mmap handler which is required by ELF.  In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.

Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 14 insertions, 0 deletions

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index f312103434d4..517e111bb7ef 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
                 return -ENOEXEC;
         }
 
+        /*
+         * Requires a mmap handler. This prevents people from using a.out
+         * as part of an exploit attack against /proc-related vulnerabilities.
+         */
+        if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+                return -ENOEXEC;
+
         fd_offset = N_TXTOFF(ex);
 
         /* Check initial limits. This avoids letting people circumvent
@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
                 goto out;
         }
 
+        /*
+         * Requires a mmap handler. This prevents people from using a.out
+         * as part of an exploit attack against /proc-related vulnerabilities.
+         */
+        if (!file->f_op || !file->f_op->mmap)
+                goto out;
+
         if (N_FLAGS(ex))
                 goto out;