Full Disclosure mailing list archives
Small Linux Kernel Patch To Check For Shdr
From: none none <justliketocode () yahoo com>
Date: Fri, 16 Sep 2005 18:04:40 -0700 (PDT)
This small patch can be applied to the Linux kernel 2.6.13 sources. It just checks if an ELF binary has a section header or not. Only tested on i386 and always only for fun. A pretty basic technique to throw off debugging and disassembler tools is to strip the section header off of an ELF executable. Archaic tools like objdump will fail when told to open a binary whose section header is gone. So now your kernel won't even execute such binaries. Be warned some distros may strip out their section headers to save space, its not necesary for execution. The patch is basic, nothing cool. And comes with no guarntee :) --- a/fs/binfmt_elf.c 2005-08-28 19:41:01.000000000 -0400 +++ b/fs/binfmt_elf.c 2005-09-16 21:02:16.000000000 -0400 @@ -560,6 +560,11 @@ static int load_elf_binary(struct linux_ if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr)) goto out; + /* two simple checks to quit if binary has no shdr */ + if (loc->elf_ex.e_shentsize == 0) + goto out; + if (loc->elf_ex.e_shnum == 0) + goto out; if (loc->elf_ex.e_phnum < 1 || loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr)) goto out; __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Small Linux Kernel Patch To Check For Shdr none none (Sep 17)