[PATCH] core-dumping unreadable binaries via PT_INTERP - linux-dev - Linux kernel development work

diff options

author	Alexey Dobriyan <adobriyan@openvz.org>	2007-01-26 00:57:16 -0800
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-01-26 13:51:00 -0800
commit	1fb844961818ce94e782acf6a96b92dc2303553b (patch)
tree	f58153e0e6a21ee41761786c632f6261c30a3b8b /MAINTAINERS
parent	[PATCH] md: remove unnecessary printk when raid5 gets an unaligned read. (diff)
download	linux-dev-1fb844961818ce94e782acf6a96b92dc2303553b.tar.xz linux-dev-1fb844961818ce94e782acf6a96b92dc2303553b.zip

[PATCH] core-dumping unreadable binaries via PT_INTERP

Proposed patch to fix #5 in http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt aka http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073 To reproduce, do * grab poc at the end of advisory. * add line "eph.p_memsz = 4096;" after "eph.p_filesz = 4096;" where first "4096" is something equal to or greater than 4096. * ./poc /usr/bin/sudo && ls -l Here I get with 2.6.20-rc5: -rw------- 1 ad ad 102400 2007-01-15 19:17 core ---s--x--x 2 root root 101820 2007-01-15 19:15 /usr/bin/sudo Check for MAY_READ like binfmt_misc.c does. Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'MAINTAINERS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: