13 Jul, 2009

1 commit

  • We have found that the current PER_CLEAR_ON_SETID mask on Linux includes
    neither ADDR_COMPAT_LAYOUT nor MMAP_PAGE_ZERO.

    The current mask is READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE.

    We believe it is important to add MMAP_PAGE_ZERO, because by using this
    personality it is possible to have the first page mapped inside a
    process running as setuid root. This could be used in those scenarios:

    - Exploiting a NULL pointer dereference issue in a setuid root binary
    - Bypassing the mmap_min_addr restrictions of the Linux kernel: by
      running a setuid binary that would drop privileges before giving us
      control back (for instance by loading a user-supplied library), we
      could get the first page mapped in a process we control. By further
      using mremap and mprotect on this mapping, we can then completely
      bypass the mmap_min_addr restrictions.

    Less importantly, we believe ADDR_COMPAT_LAYOUT should also be added
    since on 32-bit x86 it will in practice disable most of the address
    space layout randomization (only the stack will remain randomized).

    Signed-off-by: Julien Tinnes
    Signed-off-by: Tavis Ormandy
    Cc: stable@kernel.org
    Acked-by: Christoph Hellwig
    Acked-by: Kees Cook
    Acked-by: Eugene Teo
    [ Shortened lines and fixed whitespace as per Christoph's suggestion ]
    Signed-off-by: Linus Torvalds

    Julien Tinnes
     
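The following is an added example, not code from the kernel or from the commit above. It models in user space the exec-time step the commit is about: a set-id exec strips the PER_CLEAR_ON_SETID bits from the personality the new image inherits. The flag values are those of the kernel's uapi/linux/personality.h (taken from the system header where available); the names CLEAR_ON_SETID_OLD and CLEAR_ON_SETID_NEW are ours and stand for the mask before this commit and the mask it proposes. Running it shows which of the flags named in the commit survive under each mask, and on Linux it also reports the calling process's own personality bits as a quick self-check.

```c
#include <stdio.h>
#ifdef __linux__
#include <sys/personality.h>   /* personality(2) and the flag constants */
#endif

/* Flag values as in the kernel's uapi/linux/personality.h; defined here only
 * when the system header did not already provide them, so the model also
 * builds off Linux. */
#ifndef ADDR_NO_RANDOMIZE
#define ADDR_NO_RANDOMIZE   0x0040000
#endif
#ifndef MMAP_PAGE_ZERO
#define MMAP_PAGE_ZERO      0x0100000
#endif
#ifndef ADDR_COMPAT_LAYOUT
#define ADDR_COMPAT_LAYOUT  0x0200000
#endif
#ifndef READ_IMPLIES_EXEC
#define READ_IMPLIES_EXEC   0x0400000
#endif

/* Our names for the mask before this commit and the mask it proposes. */
#define CLEAR_ON_SETID_OLD (READ_IMPLIES_EXEC | ADDR_NO_RANDOMIZE)
#define CLEAR_ON_SETID_NEW (CLEAR_ON_SETID_OLD | ADDR_COMPAT_LAYOUT | MMAP_PAGE_ZERO)

/* Model of the exec-time step: when a set-id binary changes credentials,
 * the kernel strips the clear mask from the personality the caller set. */
unsigned long personality_after_setid_exec(unsigned long inherited,
                                           unsigned long clear_mask)
{
    return inherited & ~clear_mask;
}

/* Flags still present after a set-id exec that weaken the new image
 * (page zero mappable, ASLR reduced or disabled, PROT_READ implying exec). */
unsigned long surviving_risky_flags(unsigned long inherited,
                                    unsigned long clear_mask)
{
    return personality_after_setid_exec(inherited, clear_mask) & CLEAR_ON_SETID_NEW;
}

int main(void)
{
    /* Constructed caller personality: asks for page zero, the compat layout
     * and no randomization before exec'ing a set-id binary. */
    unsigned long inherited = MMAP_PAGE_ZERO | ADDR_COMPAT_LAYOUT | ADDR_NO_RANDOMIZE;

    printf("old mask leaves %#lx, new mask leaves %#lx\n",
           surviving_risky_flags(inherited, CLEAR_ON_SETID_OLD),
           surviving_risky_flags(inherited, CLEAR_ON_SETID_NEW));
#ifdef __linux__
    /* Self-check of this process: personality(0xffffffff) only queries. */
    unsigned long mine = (unsigned long)(unsigned int)personality(0xffffffff);
    printf("this process: %#lx, risky bits %#lx\n", mine, mine & CLEAR_ON_SETID_NEW);
#endif
    return 0;
}
```

With the old mask only ADDR_NO_RANDOMIZE is stripped, so MMAP_PAGE_ZERO and ADDR_COMPAT_LAYOUT (0x0300000 together) reach the set-id image; with the proposed mask nothing in the constructed personality survives.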

29 Apr, 2008

1 commit


13 Nov, 2006

1 commit

  • If you call set_personality() with an expression such as:

    set_personality(foo ? PERS_FOO1 : PERS_FOO2);

    then this evaluates to:

    ((current->personality == foo ? PERS_FOO1 : PERS_FOO2) ? ...

    which is obviously not the intended result. Add the missing parens
    to ensure this gets evaluated as expected:

    ((current->personality == (foo ? PERS_FOO1 : PERS_FOO2)) ? ...

    Signed-off-by: Russell King
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Russell King
     
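An added example, not part of the kernel or of the commit above, that reproduces the precedence bug in user space. `current`, `struct task` and `__set_personality` are stand-ins for the kernel's task and helper, and PERS_FOO1 / PERS_FOO2 are constructed values. The two macros differ only in the parentheses around the argument in the comparison; because `==` binds tighter than `?:`, the unparenthesised form compares the personality against `foo` alone and then selects PERS_FOO1 or PERS_FOO2 as the condition, which is always nonzero here, so `__set_personality` is never reached and the personality silently stays unchanged.

```c
#include <stdio.h>

/* Constructed personality values for the example. */
#define PERS_FOO1 0x0008UL
#define PERS_FOO2 0x0010UL

/* User-space stand-in for the kernel's current task. */
struct task { unsigned long personality; };
static struct task task0;
static struct task *current = &task0;

/* Stand-in for the kernel helper that actually applies the personality. */
static int __set_personality(unsigned long pers)
{
    current->personality = pers;
    return 0;
}

/* Pre-fix form: `pers` is substituted without parentheses, so a ?: argument
 * parses as ((current->personality == foo) ? PERS_FOO1 : PERS_FOO2). */
#define set_personality_buggy(pers) \
    ((current->personality == pers) ? 0 : __set_personality(pers))

/* Post-fix form: the argument is parenthesised, so the comparison sees the
 * whole selected value. */
#define set_personality_fixed(pers) \
    ((current->personality == (pers)) ? 0 : __set_personality(pers))

/* Start from `start`, request foo ? PERS_FOO1 : PERS_FOO2 through the buggy
 * macro, and return the personality that results. */
unsigned long personality_after_buggy(unsigned long start, int foo)
{
    current->personality = start;
    (void)set_personality_buggy(foo ? PERS_FOO1 : PERS_FOO2);
    return current->personality;
}

/* Same request through the fixed macro. */
unsigned long personality_after_fixed(unsigned long start, int foo)
{
    current->personality = start;
    (void)set_personality_fixed(foo ? PERS_FOO1 : PERS_FOO2);
    return current->personality;
}

int main(void)
{
    printf("buggy: start=0 foo=1 -> %#lx (wanted %#lx)\n",
           personality_after_buggy(0, 1), PERS_FOO1);
    printf("fixed: start=0 foo=1 -> %#lx\n", personality_after_fixed(0, 1));
    return 0;
}
```

Starting from personality 0 with `foo` true, the buggy macro leaves the value at 0 while the fixed macro sets PERS_FOO1; the same argument passed as a plain constant behaves identically under both, which is why the bug only shows up with expression arguments.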

21 Oct, 2006

1 commit


17 Apr, 2005

1 commit

  • Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds