Revision 1fb844961818ce94e782acf6a96b92dc2303553b authored by Alexey Dobriyan on 26 January 2007, 08:57:16 UTC, committed by Linus Torvalds on 26 January 2007, 21:51:00 UTC
Proposed patch to fix #5 in
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
aka
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073

To reproduce, do
* grab poc at the end of advisory.
* add line "eph.p_memsz = 4096;" after "eph.p_filesz = 4096;"
  where first "4096" is something equal to or greater than 4096.
* ./poc /usr/bin/sudo && ls -l

Here I get with 2.6.20-rc5:

 -rw------- 1 ad   ad   102400 2007-01-15 19:17 core
 ---s--x--x 2 root root 101820 2007-01-15 19:15 /usr/bin/sudo

Check for MAY_READ like binfmt_misc.c does.

Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent c20086d
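
The condition the commit message is concerned with, a file the caller may execute but not read (the `---s--x--x` mode on /usr/bin/sudo in the listing above), as an added example that is not part of the commit or of the kernel source. It is a simplified userspace model for auditing: the function names are hypothetical, and it ignores supplementary groups, ACLs, capabilities (including root's override) and LSM hooks.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Pick the rwx triplet that applies to (uid, gid): owner first, then group,
 * then other. Simplified model, see the assumptions in the lead-in. */
static unsigned class_bits(mode_t mode, uid_t fuid, gid_t fgid,
                           uid_t uid, gid_t gid)
{
    if (uid == fuid)
        return (mode >> 6) & 7;
    if (gid == fgid)
        return (mode >> 3) & 7;
    return mode & 7;
}

/* Returns 1 when the caller may execute the file but may not read it,
 * i.e. the case where a core dump must not expose the mapped image. */
int exec_without_read(mode_t mode, uid_t fuid, gid_t fgid,
                      uid_t uid, gid_t gid)
{
    unsigned bits = class_bits(mode, fuid, fgid, uid, gid);
    return (bits & 1) && !(bits & 4);
}

/* Same test against a real file for the calling process's real ids.
 * Returns -1 if the file cannot be stat()ed. */
int audit_path(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return exec_without_read(st.st_mode, st.st_uid, st.st_gid,
                             getuid(), getgid());
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int r = audit_path(argv[i]);
        printf("%s: %s\n", argv[i],
               r < 0 ? "stat failed" :
               r ? "execute-only for caller" : "readable or not executable");
    }
    return 0;
}
```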
File Mode Size
Makefile -rw-r--r-- 569 bytes
datagram.c -rw-r--r-- 12.8 KB
dev.c -rw-r--r-- 86.0 KB
dev_mcast.c -rw-r--r-- 6.4 KB
dst.c -rw-r--r-- 6.2 KB
ethtool.c -rw-r--r-- 21.6 KB
fib_rules.c -rw-r--r-- 9.8 KB
filter.c -rw-r--r-- 10.0 KB
flow.c -rw-r--r-- 8.1 KB
gen_estimator.c -rw-r--r-- 6.8 KB
gen_stats.c -rw-r--r-- 6.4 KB
iovec.c -rw-r--r-- 5.1 KB
kmap_skb.h -rw-r--r-- 360 bytes
link_watch.c -rw-r--r-- 3.9 KB
neighbour.c -rw-r--r-- 64.2 KB
net-sysfs.c -rw-r--r-- 12.6 KB
netevent.c -rw-r--r-- 2.0 KB
netpoll.c -rw-r--r-- 18.4 KB
pktgen.c -rw-r--r-- 86.6 KB
request_sock.c -rw-r--r-- 2.9 KB
rtnetlink.c -rw-r--r-- 21.7 KB
scm.c -rw-r--r-- 6.4 KB
skbuff.c -rw-r--r-- 50.8 KB
sock.c -rw-r--r-- 48.5 KB
stream.c -rw-r--r-- 7.1 KB
sysctl_net_core.c -rw-r--r-- 3.0 KB
user_dma.c -rw-r--r-- 3.4 KB
utils.c -rw-r--r-- 5.8 KB
wireless.c -rw-r--r-- 69.5 KB
