[PATCH] [CAN-2004-1144] Fix int 0x80 hole in 2.4 x86-64 linux kernels

From: Andi Kleen
Date: Wed Dec 22 2004 - 12:59:25 EST



Petr Vandrovec discovered an exploitable root hole on all 2.4 x86-64 kernels.
The problem occurs because the eax register on the 32bit int 0x80 syscall
handler is not properly 64bit zero extended, which can be used to overflow the
system call table.
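As an added illustration (not part of this mail or of the kernel source), the following C model contrasts the two dispatch paths; it assumes the pre-patch entry compared only the low 32 bits of the syscall number while indexing the table with the full 64-bit register, which is what the one-instruction patch in this mail addresses. IA32_NR_SYSCALLS and the register value are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the size of the 32-bit compat syscall table. */
#define IA32_NR_SYSCALLS 4

/*
 * Slot (in table entries) that the dispatcher would use for a given rax,
 * or UINT64_MAX when the bounds check rejects the number. The slot is
 * returned rather than dereferenced, so the out-of-range case is visible
 * without reading memory beyond the table.
 *
 * zero_extend == 0 models the assumed pre-patch path: a 32-bit compare
 * (cmpl $IA32_NR_syscalls,%eax) followed by an indexed call that uses
 * the full 64-bit rax. zero_extend == 1 models the patched entry, where
 * movl %eax,%eax clears the upper half before either step.
 */
static uint64_t slot_for(uint64_t rax, int zero_extend)
{
    if (zero_extend)
        rax = (uint32_t)rax;              /* movl %eax,%eax */
    uint32_t eax = (uint32_t)rax;         /* what the 32-bit compare sees */
    if (eax >= IA32_NR_SYSCALLS)
        return UINT64_MAX;                /* jae ia32_badsys */
    return rax;                           /* call *table(,%rax,8) */
}

/* 1 when a slot lies inside the table, 0 when it points past it. */
static int slot_in_table(uint64_t slot)
{
    return slot < IA32_NR_SYSCALLS;
}

int main(void)
{
    /* Constructed register value: low 32 bits = 1, upper 32 bits nonzero. */
    uint64_t rax = 0x100000001ULL;
    uint64_t bad = slot_for(rax, 0), good = slot_for(rax, 1);
    printf("pre-patch: check passed, slot 0x%" PRIx64 " in table: %d\n",
           bad, slot_in_table(bad));
    printf("patched:   slot 0x%" PRIx64 " in table: %d\n",
           good, slot_in_table(good));
    return 0;
}
```

The point the model makes is that a width mismatch between the check and the use defeats the check; clearing the upper half before both removes the mismatch.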

The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this
hole because some unrelated changes in 2.5 fixed it as a side effect.

Marcelo should be releasing a new pre* kernel with this fix
shortly; there should also be updated kernels from the various
Linux distributions.

It is recommended that everybody who runs a 2.4 x86-64 kernel with
shell user access update to a kernel which has this patch applied.

Patch is for 2.4.29pre2, but should apply to pretty much any
2.4.x x86-64 kernel.

-Andi

diff -u linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S-o linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S
--- linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S-o 2004-11-06 07:37:32.000000000 +0100
+++ linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S 2004-12-22 18:49:05.000000000 +0100
@@ -52,6 +52,7 @@
ENTRY(ia32_syscall)
swapgs
sti
+ movl %eax,%eax
pushq %rax
cld
SAVE_ARGS
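Review bot: the added `movl %eax,%eax` reads as a no-op to anyone not thinking in x86-64 terms, so a later cleanup could drop it as redundant; put a one-line comment on it in the hunk stating that it zero-extends %eax into %rax so the syscall-number bounds check and the syscall-table index operate on the same value, which is the hole this patch closes. Its placement before `pushq %rax` also means the %rax saved on the stack by the push and by `SAVE_ARGS` is already the zero-extended value, which is worth stating in the same comment.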