[PATCH] Require mmap handler for a.out executables
Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable of meeting the validity checks in ELF load_elf_*() handling because they have no mmap handler which is required by ELF. In order to stop a.out executables being used as part of an exploit attack against /proc-related vulnerabilities, we make a.out executables depend on ->mmap() existing. Signed-off-by: Eugene Teo <eteo@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
563d075702
commit
8454aeef6f
|
@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
|
|||
return -ENOEXEC;
|
||||
}
|
||||
|
||||
/*
|
||||
* Requires a mmap handler. This prevents people from using a.out
|
||||
* as part of an exploit attack against /proc-related vulnerabilities.
|
||||
*/
|
||||
if (!bprm->file->f_op || !bprm->file->f_op->mmap)
|
||||
return -ENOEXEC;
|
||||
|
||||
fd_offset = N_TXTOFF(ex);
|
||||
|
||||
/* Check initial limits. This avoids letting people circumvent
|
||||
|
@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
|
|||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
* Requires a mmap handler. This prevents people from using a.out
|
||||
* as part of an exploit attack against /proc-related vulnerabilities.
|
||||
*/
|
||||
if (!file->f_op || !file->f_op->mmap)
|
||||
goto out;
|
||||
|
||||
if (N_FLAGS(ex))
|
||||
goto out;
|
||||
|
||||
|
|
Loading…
Reference in New Issue