On Fri, 2004-12-24 at 02:24 -0500, Andres Salomon wrote:
> Hi,
>
> A few potential vulnerabilities were pointed out by Katrina Tsipenyuk in
> . I haven't
> seen any discussion or fixes of the issue yet, so here's a patch
> (against 2.6.9). The fixes are along the same lines as the previous
> binfmt_elf fixes. There's one additional place (inside fs/binfmt_som.c)
> that a fix could be applied, but since that doesn't compile anyways, I
> didn't see a point in patching it.
>
>

Ok, you can ignore this; I believe the original advisory is bogus.
prepare_binprm ensures a 128 byte buffer that kernel_read data is copied
to; in case something smaller is copied in, the rest of the space is
zeroed out. Thus, <128 reads are fine, and in many cases (as in
binfmt_script w/ tiny scripts less than 128 bytes in total) perfectly
valid.

--
Andres Salomon
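The buffer behaviour described in the message above, as an added user-space C model that is not part of the original message and is not kernel code. The names `model_prepare_binprm` and `model_script_interp` are hypothetical, and the sample script is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BINPRM_BUF_SIZE 128  /* the 128 byte header buffer from the message */

/* User-space model (assumption): zero the whole buffer, then copy at most
 * BINPRM_BUF_SIZE bytes of the file into it, as the message describes. */
static int model_prepare_binprm(const unsigned char *file, size_t file_len,
                                unsigned char buf[BINPRM_BUF_SIZE])
{
    size_t n = file_len < BINPRM_BUF_SIZE ? file_len : BINPRM_BUF_SIZE;
    memset(buf, 0, BINPRM_BUF_SIZE);
    memcpy(buf, file, n);
    return (int)n;               /* short count for files under 128 bytes */
}

/* Hypothetical script-header parser: extracts the interpreter after "#!".
 * It only looks inside buf, so a short read exposes zeros, not stale data. */
static int model_script_interp(unsigned char buf[BINPRM_BUF_SIZE],
                               char *out, size_t out_len)
{
    char *p, *end;
    if (buf[0] != '#' || buf[1] != '!')
        return -1;                        /* not a script */
    buf[BINPRM_BUF_SIZE - 1] = '\0';      /* force termination inside buf */
    p = (char *)buf + 2;
    p[strcspn(p, "\n")] = '\0';           /* cut at end of first line */
    while (*p == ' ' || *p == '\t')
        p++;
    end = p + strcspn(p, " \t");          /* interpreter ends at whitespace */
    if (end == p || (size_t)(end - p) >= out_len)
        return -1;
    memcpy(out, p, (size_t)(end - p));
    out[end - p] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a 10-byte script, far below 128 bytes. */
    const unsigned char tiny[] = "#!/bin/sh\n";
    unsigned char buf[BINPRM_BUF_SIZE];
    char interp[BINPRM_BUF_SIZE];
    int n = model_prepare_binprm(tiny, sizeof(tiny) - 1, buf);
    if (model_script_interp(buf, interp, sizeof(interp)) == 0)
        printf("read %d bytes, interpreter %s\n", n, interp);
    return 0;
}
```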