summaryrefslogtreecommitdiffstats
path: root/COPYING
diff options
context:
space:
mode:
authorPavel Emelyanov <xemul@openvz.org>2008-04-29 00:59:24 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 08:06:04 -0700
commit3a2e7f47d71e1df86acc1dda6826890b6546a4e1 (patch)
tree3c5856f67af25a80a4d934e754f437936c7b1bbf /COPYING
parentcbd9b67bd3883dff0ef4b8ec9229d315a9ba38f0 (diff)
downloadlinux-3a2e7f47d71e1df86acc1dda6826890b6546a4e1.tar.bz2
binfmt_misc.c: avoid potential kernel stack overflow
This can be triggered with root help only, but... Register the ":text:E::txt::/root/cat.txt:' rule in binfmt_misc (by root) and try launching the cat.txt file (by anyone) :) The result is - the endless recursion in the load_misc_binary -> open_exec -> load_misc_binary chain and stack overflow. There's a similar problem with binfmt_script, and there's a sh_bang memner on linux_binprm structure to handle this, but simply raising this in binfmt_misc may break some setups when the interpreter of some misc binaries is a script. So the proposal is to turn sh_bang into a bit, add a new one (the misc_bang) and raise it in load_misc_binary. After this, even if we set up the misc -> script -> misc loop for binfmts one of them will step on its own bang and exit. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions