Re: [PATCH] kernel_read result fixes
From: Andrew Morton
Date: Thu Dec 30 2004 - 02:26:49 EST
Andres Salomon <dilinger@xxxxxxxxx> wrote:
>
> A few potential vulnerabilities were pointed out by Katrina Tsipenyuk in
> <http://seclists.org/lists/linux-kernel/2004/Dec/1878.html>. I haven't
> seen any discussion or fixes of the issue yet, so here's a patch
> (against 2.6.9). The fixes are along the same lines as the previous
> binfmt_elf fixes. There's one additional place (inside fs/binfmt_som.c)
> that a fix could be applied, but since that doesn't compile anyways, I
> didn't see a point in patching it.
This patch is very wrong.
--- 25/fs/exec.c~kernel_read-result-fixes 2004-12-27 00:39:57.999820768 -0800
+++ 25-akpm/fs/exec.c 2004-12-27 00:39:58.007819552 -0800
@@ -1028,8 +1028,11 @@ int search_binary_handler(struct linux_b
bprm->file = file;
bprm->loader = loader;
retval = prepare_binprm(bprm);
- if (retval<0)
+ if (retval != BINPRM_BUF_SIZE) {
+ if (retval >= 0)
+ retval = -EIO;
return retval;
+ }
prepare_binprm() can and will return values less than 128 if the
executable's file is less than 128 bytes in size.
linux:/home/akpm> egrep
zsh: Input/output error: egrep
linux:/home/akpm> cat /bin/egrep
#!/bin/sh
exec /bin/grep -E ${1+"$@"}
linux:/home/akpm>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/