Require mmap handler for a.out executables

From: Marcel Holtmann
Date: Wed Jul 26 2006 - 07:21:05 EST

Hi Linus,

with the nasty /proc privilege escalation (CVE-2006-3626) it became
clear that we need to do something more to better protect us against
people exploiting stuff in /proc. Besides the don't allow chmod stuff,
Eugene also proposed to depend the a.out execution on the existence of
the mmap handler. Since we are doing the same for ELF, this makes
totally sense to me.

The attached patch implements the additional check for the mmap handler
and I hope you consider it for upstream inclusion.



[PATCH] Require mmap handler for a.out executables

Files supported by fs/proc/base.c, i.e. /proc/<pid>/*, are not capable
of meeting the validity checks in ELF load_elf_*() handling because they
have no mmap handler which is required by ELF. In order to stop a.out
executables being used as part of an exploit attack against /proc-related
vulnerabilities, we make a.out executables depend on ->mmap() existing.

Signed-off-by: Eugene Teo <eteo@xxxxxxxxxx>
Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>

commit 1597cf8405734e4747c808bb7e04115a6670dccf
tree 49050549aee6406dab0c021c5aa4e9bfc337bd8f
parent 44eb123126d289bac398cac0232309c228386671
author Marcel Holtmann <marcel@xxxxxxxxxxxx> Wed, 26 Jul 2006 12:12:14 +0200
committer Marcel Holtmann <marcel@xxxxxxxxxxxx> Wed, 26 Jul 2006 12:12:14 +0200

fs/binfmt_aout.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index f312103..5638acf 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -278,6 +278,9 @@ static int load_aout_binary(struct linux
return -ENOEXEC;

+ if (!bprm->file->f_op || !bprm->file->f_op->mmap)
+ return -ENOEXEC;
fd_offset = N_TXTOFF(ex);

/* Check initial limits. This avoids letting people circumvent
@@ -476,6 +479,9 @@ static int load_aout_library(struct file
goto out;

+ if (!file->f_op || !file->f_op->mmap)
+ goto out;
if (N_FLAGS(ex))
goto out;