RE: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4

From: Zach, Yoav
Date: Thu Sep 04 2003 - 01:31:33 EST

Next message: Richard Procter: "Re: [PATCH] Fix SMP support on 3c527 net driver, take 2"
Previous message: "Andrey Borzenkov" : "Re: [PATCH] MODULE_ALIAS for IRDA dongles"
In reply to: insecure: "Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: Zach, Yoav: "RE: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> You've added a security hole.
>
> > + if (fmt->flags & MISC_FMT_OPEN_BINARY) {
> > + /* if the binary should be opened on behalf of the
> > + * interpreter than keep it open and assign it a
> > descriptor */
> > + fd = get_unused_fd ();
> > + if (fd < 0) {
>
> At this point your file table might be shared with another thread (see
> binfmt_elf in 2.4 - I dunno if 2.6 has been fixed for this
> exploit yet).
> You need to unshare the file table before you modify it
> during the exec.
>
> Otherwise it looks fairly sane.
>

Do you know whether the 'unshare_files' patch was already prepared and
sent to the 2.6 maintainer ? If not then I would like to do it.

Thanks,
Yoav.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Procter: "Re: [PATCH] Fix SMP support on 3c527 net driver, take 2"
Previous message: "Andrey Borzenkov" : "Re: [PATCH] MODULE_ALIAS for IRDA dongles"
In reply to: insecure: "Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: Zach, Yoav: "RE: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]