diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2005-05-11 03:10:44 -0400 |
---|---|---|
committer | Greg KH <gregkh@suse.de> | 2005-05-17 00:07:05 -0400 |
commit | a84a505956f5c795a9ab3d60d97b6b91a27aa571 (patch) | |
tree | 440fdf47fcddf8b0d615667b418981a511d16e30 /fs/binfmt_elf.c | |
parent | d3f0fcec2d50a18a84c4f3dd7683206ed37ca009 (diff) |
[PATCH] fix Linux kernel ELF core dump privilege elevation
As reported by Paul Starzetz <ihaquer@isec.pl>
Reference: CAN-2005-1263
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs/binfmt_elf.c')
-rw-r--r-- | fs/binfmt_elf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index ce9423bb2de3..c374be51b041 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c | |||
@@ -251,7 +251,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, | |||
251 | } | 251 | } |
252 | 252 | ||
253 | /* Populate argv and envp */ | 253 | /* Populate argv and envp */ |
254 | p = current->mm->arg_start; | 254 | p = current->mm->arg_end = current->mm->arg_start; |
255 | while (argc-- > 0) { | 255 | while (argc-- > 0) { |
256 | size_t len; | 256 | size_t len; |
257 | __put_user((elf_addr_t)p, argv++); | 257 | __put_user((elf_addr_t)p, argv++); |
@@ -1301,7 +1301,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
1301 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1301 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
1302 | struct mm_struct *mm) | 1302 | struct mm_struct *mm) |
1303 | { | 1303 | { |
1304 | int i, len; | 1304 | unsigned int i, len; |
1305 | 1305 | ||
1306 | /* first copy the parameters from user space */ | 1306 | /* first copy the parameters from user space */ |
1307 | memset(psinfo, 0, sizeof(struct elf_prpsinfo)); | 1307 | memset(psinfo, 0, sizeof(struct elf_prpsinfo)); |