Commit 8454aeef6fea944ced757ff8e761b59eb3ee960f
Committed by
Linus Torvalds
Linus Torvalds
1 parent
563d075702
Exists in
master
and in
4 other branches
[PATCH] Require mmap handler for a.out executables
Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable of meeting the validity checks in ELF load_elf_*() handling because they have no mmap handler which is required by ELF. In order to stop a.out executables being used as part of an exploit attack against /proc-related vulnerabilities, we make a.out executables depend on ->mmap() existing. Signed-off-by: Eugene Teo <eteo@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing 1 changed file with 14 additions and 0 deletions Side-by-side Diff
fs/binfmt_aout.c
| ... | ... | @@ -278,6 +278,13 @@ |
| 278 | 278 | return -ENOEXEC; |
| 279 | 279 | } |
| 280 | 280 | |
| 281 | + /* | |
| 282 | + * Requires a mmap handler. This prevents people from using a.out | |
| 283 | + * as part of an exploit attack against /proc-related vulnerabilities. | |
| 284 | + */ | |
| 285 | + if (!bprm->file->f_op || !bprm->file->f_op->mmap) | |
| 286 | + return -ENOEXEC; | |
| 287 | + | |
| 281 | 288 | fd_offset = N_TXTOFF(ex); |
| 282 | 289 | |
| 283 | 290 | /* Check initial limits. This avoids letting people circumvent |
| ... | ... | @@ -475,6 +482,13 @@ |
| 475 | 482 | i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { |
| 476 | 483 | goto out; |
| 477 | 484 | } |
| 485 | + | |
| 486 | + /* | |
| 487 | + * Requires a mmap handler. This prevents people from using a.out | |
| 488 | + * as part of an exploit attack against /proc-related vulnerabilities. | |
| 489 | + */ | |
| 490 | + if (!file->f_op || !file->f_op->mmap) | |
| 491 | + goto out; | |
| 478 | 492 | |
| 479 | 493 | if (N_FLAGS(ex)) |
| 480 | 494 | goto out; |