public inbox for linux-kernel@vger.kernel.org
From: Eugene Teo <eteo@redhat.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, Marcel Holtmann <holtmann@redhat.com>
Subject: [PATCH] Require mmap handler for a.out executables (was Re: 2.6.18-rc2-mm1)
Date: Thu, 27 Jul 2006 18:27:24 +0800
Message-ID: <44C8950C.3080609@redhat.com>
In-Reply-To: <20060727015639.9c89db57.akpm@osdl.org>

Hi Andrew,

Andrew Morton wrote:
[snipped]
> - Lots of random patches.  Many of them are bugfixes and I shall, as usual,
>   go through them all identifying 2.6.18 material.  But I can miss things, so
>   please don't be afraid to point 2.6.18 candidates out to me.
[snipped]

The following patch provides better protection against people exploiting stuff
in /proc and I hope you consider it for upstream inclusion.

Thanks.

Eugene

[PATCH] Require mmap handler for a.out executables

Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable
of meeting the validity checks in ELF load_elf_*() handling because they
have no mmap handler which is required by ELF. In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.

Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

---
commit 1597cf8405734e4747c808bb7e04115a6670dccf
tree 49050549aee6406dab0c021c5aa4e9bfc337bd8f
parent 44eb123126d289bac398cac0232309c228386671
author Marcel Holtmann <marcel@holtmann.org> Wed, 26 Jul 2006 12:12:14 +0200
committer Marcel Holtmann <marcel@holtmann.org> Wed, 26 Jul 2006 12:12:14 +0200

 fs/binfmt_aout.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index f312103..5638acf 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -278,6 +278,9 @@ static int load_aout_binary(struct linux
 		return -ENOEXEC;
 	}

+	if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+		return -ENOEXEC;
+
 	fd_offset = N_TXTOFF(ex);

 	/* Check initial limits. This avoids letting people circumvent
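
Review bot: the new `->mmap` test in load_aout_binary() carries no comment, so the reason for the rejection lives only in the commit message. A one-line comment above the `if` saying that files without an mmap handler (such as those under /proc/<pid>/) must not be accepted as a.out images would keep the intent visible to anyone who later touches this path. The identical condition is repeated in load_aout_library(); a small static helper taking a `struct file *` would keep the two checks from drifting apart.
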
@@ -476,6 +479,9 @@ static int load_aout_library(struct file
 		goto out;
 	}

+	if (!file->f_op || !file->f_op->mmap)
+		goto out;
+
 	if (N_FLAGS(ex))
 		goto out;
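
Review bot: the added `goto out` in load_aout_library() does not set an error code itself, so what the caller sees depends on whatever the return variable holds when control reaches this point. The neighbouring checks use the same bare `goto out`, which suggests the value is set once earlier, but that assignment is outside the visible context; please confirm it is -ENOEXEC here so this path matches the explicit `return -ENOEXEC` used for the same condition in load_aout_binary().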


-- 
eteo redhat.com  ph: +65 6490 4142  http://www.kernel.org/~eugeneteo
gpg fingerprint:  47B9 90F6 AE4A 9C51 37E0  D6E1 EA84 C6A2 58DF 8823
