compat_do_execve should unshare_files
2.6.26's commit fd8328be87
"sanitize handling of shared descriptor tables in failing execve()"
moved the unshare_files() from flush_old_exec() and several binfmts
to the head of do_execve(); but forgot to make the same change to
compat_do_execve(), leaving a CLONE_FILES files_struct shared across
exec from a 32-bit process on a 64-bit kernel.
It's arguable whether the files_struct really ought to be unshared
across exec; but 2.6.1 made that so to stop the loading binary's fd
leaking into other threads, and a 32-bit process on a 64-bit kernel
ought to behave in the same way as 32 on 32 and 64 on 64.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
07d43ba986
commit
53e9309e01
12
fs/compat.c
12
fs/compat.c
|
@ -1420,12 +1420,17 @@ int compat_do_execve(char * filename,
|
|||
{
|
||||
struct linux_binprm *bprm;
|
||||
struct file *file;
|
||||
struct files_struct *displaced;
|
||||
int retval;
|
||||
|
||||
retval = unshare_files(&displaced);
|
||||
if (retval)
|
||||
goto out_ret;
|
||||
|
||||
retval = -ENOMEM;
|
||||
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);
|
||||
if (!bprm)
|
||||
goto out_ret;
|
||||
goto out_files;
|
||||
|
||||
retval = mutex_lock_interruptible(¤t->cred_exec_mutex);
|
||||
if (retval < 0)
|
||||
|
@ -1487,6 +1492,8 @@ int compat_do_execve(char * filename,
|
|||
mutex_unlock(¤t->cred_exec_mutex);
|
||||
acct_update_integrals(current);
|
||||
free_bprm(bprm);
|
||||
if (displaced)
|
||||
put_files_struct(displaced);
|
||||
return retval;
|
||||
|
||||
out:
|
||||
|
@ -1506,6 +1513,9 @@ out_unlock:
|
|||
out_free:
|
||||
free_bprm(bprm);
|
||||
|
||||
out_files:
|
||||
if (displaced)
|
||||
reset_files_struct(displaced);
|
||||
out_ret:
|
||||
return retval;
|
||||
}
|
||||
|
|
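Review bot: The two exit paths treat `displaced` differently and nothing in the new code says why: the success path after `free_bprm(bprm)` calls `put_files_struct(displaced)`, while the new `out_files:` label calls `reset_files_struct(displaced)`. A short comment at each would make the intent reviewable, e.g. `/* exec succeeded: drop our reference to the previously shared table */` and `/* exec failed: switch back to the original descriptor table */` (wording to be confirmed against the helpers, which are not shown here). Since the commit message says this path was missed when do_execve() was changed, the `unshare_files(&displaced)` call should also carry `/* must mirror do_execve(): the fd table is not to stay shared across exec */`, so the two copies are not allowed to drift apart again. The body of compat_do_execve() continues outside the three hunks, so the `goto` targets between `out:` and `out_free:` could not be checked from this page.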