Bugtraq mailing list archives

Re: Linux kernel ELF core dump privilege elevation

From: Paul Starzetz <ihaquer () isec pl>
Date: Wed, 11 May 2005 23:51:21 +0200 (CEST)

On Wed, 11 May 2005, Greg KH wrote:

that seems ok.

--- gregkh-2.6.orig/fs/binfmt_elf.c   2005-05-11 00:03:45.000000000 -0700
+++ gregkh-2.6/fs/binfmt_elf.c        2005-05-11 00:09:17.000000000 -0700
@@ -251,7 +251,7 @@
      }
 
      /* Populate argv and envp */
-     p = current->mm->arg_start;
+     p = current->mm->arg_end = current->mm->arg_start;
      while (argc-- > 0) {
              size_t len;
              __put_user((elf_addr_t)p, argv++);
@@ -1301,7 +1301,7 @@
 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
                     struct mm_struct *mm)
 {
-     int i, len;
+     unsigned int i, len;
      
      /* first copy the parameters from user space */
      memset(psinfo, 0, sizeof(struct elf_prpsinfo));


-- 
Paul Starzetz
iSEC Security Research
http://isec.pl/

Current thread:

Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
- Re: Linux kernel ELF core dump privilege elevation Bruno Lustosa (May 11)
  - Re: Linux kernel ELF core dump privilege elevation codeQ (May 13)
- Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
  - Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
  - Re: Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
- Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) Andrew Griffiths (May 12)
  - Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) chris (May 13)
- Re: Linux kernel ELF core dump privilege elevation antoine (May 12)
  - Re: Linux kernel ELF core dump privilege elevation Pedro Venda (May 13)