[PATCH] Require mmap handler for a.out executables
authorEugene Teo <eteo@redhat.com>
Fri, 29 Sep 2006 08:59:33 +0000 (01:59 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Fri, 29 Sep 2006 16:18:08 +0000 (09:18 -0700)
Files supported by fs/proc/base.c, i.e.  /proc/<pid>/*, are not capable of
meeting the validity checks in ELF load_elf_*() handling because they have
no mmap handler which is required by ELF.  In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.

Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/binfmt_aout.c

index f312103..517e111 100644 (file)
@@ -278,6 +278,13 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
                return -ENOEXEC;
        }
 
+       /*
+        * Requires a mmap handler. This prevents people from using a.out
+        * as part of an exploit attack against /proc-related vulnerabilities.
+        */
+       if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+               return -ENOEXEC;
+
        fd_offset = N_TXTOFF(ex);
 
        /* Check initial limits. This avoids letting people circumvent
@@ -476,6 +483,13 @@ static int load_aout_library(struct file *file)
                goto out;
        }
 
+       /*
+        * Requires a mmap handler. This prevents people from using a.out
+        * as part of an exploit attack against /proc-related vulnerabilities.
+        */
+       if (!file->f_op || !file->f_op->mmap)
+               goto out;
+
        if (N_FLAGS(ex))
                goto out;