Bugtraq mailing list archives
Re: Linux kernel ELF core dump privilege elevation
From: Paul Starzetz <ihaquer () isec pl>
Date: Wed, 11 May 2005 23:51:21 +0200 (CEST)
On Wed, 11 May 2005, Greg KH wrote: that seems ok.
--- gregkh-2.6.orig/fs/binfmt_elf.c 2005-05-11 00:03:45.000000000 -0700 +++ gregkh-2.6/fs/binfmt_elf.c 2005-05-11 00:09:17.000000000 -0700 @@ -251,7 +251,7 @@ } /* Populate argv and envp */ - p = current->mm->arg_start; + p = current->mm->arg_end = current->mm->arg_start; while (argc-- > 0) { size_t len; __put_user((elf_addr_t)p, argv++); @@ -1301,7 +1301,7 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, struct mm_struct *mm) { - int i, len; + unsigned int i, len; /* first copy the parameters from user space */ memset(psinfo, 0, sizeof(struct elf_prpsinfo));
-- Paul Starzetz iSEC Security Research http://isec.pl/
Current thread:
- Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
- Re: Linux kernel ELF core dump privilege elevation Bruno Lustosa (May 11)
- Re: Linux kernel ELF core dump privilege elevation codeQ (May 13)
- Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
- Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
- Re: Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
- Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) Andrew Griffiths (May 12)
- Re: Linux kernel ELF core dump privilege elevation antoine (May 12)
- Re: Linux kernel ELF core dump privilege elevation Pedro Venda (May 13)
- Re: Linux kernel ELF core dump privilege elevation Bruno Lustosa (May 11)