Commit 8454aeef authored by Eugene Teo's avatar Eugene Teo Committed by Linus Torvalds

[PATCH] Require mmap handler for a.out executables

Files supported by fs/proc/base.c, i.e.  /proc/<pid>/*, are not capable of
meeting the validity checks in ELF load_elf_*() handling because they have
no mmap handler which is required by ELF.  In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.
Signed-off-by: default avatarEugene Teo <eteo@redhat.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 563d0757
...@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) ...@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
return -ENOEXEC; return -ENOEXEC;
} }
/*
* Requires a mmap handler. This prevents people from using a.out
* as part of an exploit attack against /proc-related vulnerabilities.
*/
if (!bprm->file->f_op || !bprm->file->f_op->mmap)
return -ENOEXEC;
fd_offset = N_TXTOFF(ex); fd_offset = N_TXTOFF(ex);
/* Check initial limits. This avoids letting people circumvent /* Check initial limits. This avoids letting people circumvent
...@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file) ...@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
goto out; goto out;
} }
/*
* Requires a mmap handler. This prevents people from using a.out
* as part of an exploit attack against /proc-related vulnerabilities.
*/
if (!file->f_op || !file->f_op->mmap)
goto out;
if (N_FLAGS(ex)) if (N_FLAGS(ex))
goto out; goto out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment