aboutsummaryrefslogtreecommitdiffstats
path: root/fs/binfmt_aout.c
diff options
context:
space:
mode:
authorEugene Teo <eteo@redhat.com>2006-09-29 04:59:33 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-29 12:18:08 -0400
commit8454aeef6fea944ced757ff8e761b59eb3ee960f (patch)
tree235e366e3744cdf76381d9e8a709d7564dde94e0 /fs/binfmt_aout.c
parent563d075702454f6fa745ff8b0db605c73478078e (diff)
[PATCH] Require mmap handler for a.out executables
Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable of meeting the validity checks in ELF load_elf_*() handling because they have no mmap handler which is required by ELF. In order to stop a.out executables being used as part of an exploit attack against /proc-related vulnerabilities, we make a.out executables depend on ->mmap() existing. Signed-off-by: Eugene Teo <eteo@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/binfmt_aout.c')
-rw-r--r--fs/binfmt_aout.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index f312103434d4..517e111bb7ef 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
278 return -ENOEXEC; 278 return -ENOEXEC;
279 } 279 }
280 280
281 /*
282 * Requires a mmap handler. This prevents people from using a.out
283 * as part of an exploit attack against /proc-related vulnerabilities.
284 */
285 if (!bprm->file->f_op || !bprm->file->f_op->mmap)
286 return -ENOEXEC;
287
281 fd_offset = N_TXTOFF(ex); 288 fd_offset = N_TXTOFF(ex);
282 289
283 /* Check initial limits. This avoids letting people circumvent 290 /* Check initial limits. This avoids letting people circumvent
@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
476 goto out; 483 goto out;
477 } 484 }
478 485
486 /*
487 * Requires a mmap handler. This prevents people from using a.out
488 * as part of an exploit attack against /proc-related vulnerabilities.
489 */
490 if (!file->f_op || !file->f_op->mmap)
491 goto out;
492
479 if (N_FLAGS(ex)) 493 if (N_FLAGS(ex))
480 goto out; 494 goto out;
481 495