Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4

From: Alan Cox
Date: Sun Aug 31 2003 - 17:48:59 EST

Next message: Linus Torvalds: "Re: [PATCHSET][2.6-test4][0/6]Support for HPET based timer - Take2"
Previous message: Andrea Arcangeli: "Re: Andrea VM changes"
In reply to: Alan Cox: "Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: Alan Cox: "Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sul, 2003-08-31 at 22:41, Zach, Yoav wrote:
> The proposed patch solves a problem for interpreters that need to
> execute a non-readable file, which cannot be read in userland. To handle

You've added a security hole.

> + if (fmt->flags & MISC_FMT_OPEN_BINARY) {
> + /* if the binary should be opened on behalf of the
> + * interpreter than keep it open and assign it a
> descriptor */
> + fd = get_unused_fd ();
> + if (fd < 0) {

At this point your file table might be shared with another thread (see
binfmt_elf in 2.4 - I dunno if 2.6 has been fixed for this exploit yet).
You need to unshare the file table before you modify it during the exec.

Otherwise it looks fairly sane.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [PATCHSET][2.6-test4][0/6]Support for HPET based timer - Take2"
Previous message: Andrea Arcangeli: "Re: Andrea VM changes"
In reply to: Alan Cox: "Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: Alan Cox: "Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]