Commit 8454aeef6fea944ced757ff8e761b59eb3ee960f
Committed by Linus Torvalds
1 parent 563d075702
Exists in master and in 4 other branches
[PATCH] Require mmap handler for a.out executables
Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable of meeting the validity checks in ELF load_elf_*() handling because they have no mmap handler which is required by ELF. In order to stop a.out executables being used as part of an exploit attack against /proc-related vulnerabilities, we make a.out executables depend on ->mmap() existing.

Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing 1 changed file with 14 additions and 0 deletions
fs/binfmt_aout.c
... | ... | @@ -278,6 +278,13 @@ |
278 | 278 | return -ENOEXEC; |
279 | 279 | } |
280 | 280 | |
281 | + /* | |
282 | + * Requires a mmap handler. This prevents people from using a.out | |
283 | + * as part of an exploit attack against /proc-related vulnerabilities. | |
284 | + */ | |
285 | + if (!bprm->file->f_op || !bprm->file->f_op->mmap) | |
286 | + return -ENOEXEC; | |
287 | + | |
281 | 288 | fd_offset = N_TXTOFF(ex); |
282 | 289 | |
283 | 290 | /* Check initial limits. This avoids letting people circumvent |
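Review bot: the comment above the new `->mmap` check says what the check prevents but not why a missing mmap handler marks the files of concern. The commit message carries that reason (files under /proc/<pid>/* have no mmap handler, which is why they already fail the ELF loader's checks), and a clause to that effect in the comment would keep the rationale next to the code for anyone who later wonders whether the test can be relaxed. The placement after the existing `return -ENOEXEC;` validation and the same error code for the new rejection look consistent.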
... | ... | @@ -475,6 +482,13 @@ |
475 | 482 | i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { |
476 | 483 | goto out; |
477 | 484 | } |
485 | + | |
486 | + /* | |
487 | + * Requires a mmap handler. This prevents people from using a.out | |
488 | + * as part of an exploit attack against /proc-related vulnerabilities. | |
489 | + */ | |
490 | + if (!file->f_op || !file->f_op->mmap) | |
491 | + goto out; | |
478 | 492 | |
479 | 493 | if (N_FLAGS(ex)) |
480 | 494 | goto out; |
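Review bot: the new rejection here exits through `goto out;`, so the error returned depends on a value set outside the visible lines, whereas the first hunk returns `-ENOEXEC` explicitly; it is worth confirming that both paths report the same error for a file without `->mmap`. The condition and its comment are also repeated verbatim from the first hunk, differing only in `file` versus `bprm->file`; a small helper taking a `struct file *` would keep the two sites from drifting apart if the check is ever tightened.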