Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 1fb844961818ce94e782acf6a96b92dc2303553b
commit1fb844961818ce94e782acf6a96b92dc2303553b[log] [tgz]
authorAlexey Dobriyan <adobriyan@openvz.org>Fri Jan 26 00:57:16 2007 -0800
committerLinus Torvalds <torvalds@woody.linux-foundation.org>Fri Jan 26 13:51:00 2007 -0800
treef58153e0e6a21ee41761786c632f6261c30a3b8b
parentc20086de9319ac406f1e96ad459763c9f9965b18 [diff]
[PATCH] core-dumping unreadable binaries via PT_INTERP

Proposed patch to fix #5 in
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
aka
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073

To reproduce, do
* grab poc at the end of advisory.
* add line "eph.p_memsz = 4096;" after "eph.p_filesz = 4096;"
  where first "4096" is something equal to or greater than 4096.
* ./poc /usr/bin/sudo && ls -l

Here I get with 2.6.20-rc5:

 -rw------- 1 ad   ad   102400 2007-01-15 19:17 core
 ---s--x--x 2 root root 101820 2007-01-15 19:15 /usr/bin/sudo

Check for MAY_READ like binfmt_misc.c does.

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2 files changed
tree: f58153e0e6a21ee41761786c632f6261c30a3b8b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. COPYING
  20. CREDITS
  21. Kbuild
  22. MAINTAINERS
  23. Makefile
  24. README
  25. REPORTING-BUGS