Revision 1fb844961818ce94e782acf6a96b92dc2303553b authored by Alexey Dobriyan on 26 January 2007, 08:57:16 UTC, committed by Linus Torvalds on 26 January 2007, 21:51:00 UTC
Proposed patch to fix #5 in http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt aka http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073 To reproduce, do * grab poc at the end of advisory. * add line "eph.p_memsz = 4096;" after "eph.p_filesz = 4096;" where first "4096" is something equal to or greater than 4096. * ./poc /usr/bin/sudo && ls -l Here I get with 2.6.20-rc5: -rw------- 1 ad ad 102400 2007-01-15 19:17 core ---s--x--x 2 root root 101820 2007-01-15 19:15 /usr/bin/sudo Check for MAY_READ like binfmt_misc.c does. Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent c20086d
File | Mode | Size |
---|---|---|
Makefile | -rw-r--r-- | 569 bytes |
datagram.c | -rw-r--r-- | 12.8 KB |
dev.c | -rw-r--r-- | 86.0 KB |
dev_mcast.c | -rw-r--r-- | 6.4 KB |
dst.c | -rw-r--r-- | 6.2 KB |
ethtool.c | -rw-r--r-- | 21.6 KB |
fib_rules.c | -rw-r--r-- | 9.8 KB |
filter.c | -rw-r--r-- | 10.0 KB |
flow.c | -rw-r--r-- | 8.1 KB |
gen_estimator.c | -rw-r--r-- | 6.8 KB |
gen_stats.c | -rw-r--r-- | 6.4 KB |
iovec.c | -rw-r--r-- | 5.1 KB |
kmap_skb.h | -rw-r--r-- | 360 bytes |
link_watch.c | -rw-r--r-- | 3.9 KB |
neighbour.c | -rw-r--r-- | 64.2 KB |
net-sysfs.c | -rw-r--r-- | 12.6 KB |
netevent.c | -rw-r--r-- | 2.0 KB |
netpoll.c | -rw-r--r-- | 18.4 KB |
pktgen.c | -rw-r--r-- | 86.6 KB |
request_sock.c | -rw-r--r-- | 2.9 KB |
rtnetlink.c | -rw-r--r-- | 21.7 KB |
scm.c | -rw-r--r-- | 6.4 KB |
skbuff.c | -rw-r--r-- | 50.8 KB |
sock.c | -rw-r--r-- | 48.5 KB |
stream.c | -rw-r--r-- | 7.1 KB |
sysctl_net_core.c | -rw-r--r-- | 3.0 KB |
user_dma.c | -rw-r--r-- | 3.4 KB |
utils.c | -rw-r--r-- | 5.8 KB |
wireless.c | -rw-r--r-- | 69.5 KB |
Computing file changes ...