[38817] in bugtraq
Re: Linux kernel ELF core dump privilege elevation
daemon@ATHENA.MIT.EDU (Paul Starzetz)
Wed May 11 21:39:54 2005
Date: Wed, 11 May 2005 23:51:21 +0200 (CEST)
From: Paul Starzetz <ihaquer@isec.pl>
To: Greg KH <gregkh@suse.de>
Cc: security@isec.pl, <linux-kernel@vger.kernel.org>,
<full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>,
<vulnwatch@vulnwatch.org>
In-Reply-To: <20050511181211.GA16652@kroah.com>
Message-ID: <Pine.LNX.4.44.0505112350170.15140-100000@isec.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 11 May 2005, Greg KH wrote:
that seems ok.
> --- gregkh-2.6.orig/fs/binfmt_elf.c 2005-05-11 00:03:45.000000000 -0700
> +++ gregkh-2.6/fs/binfmt_elf.c 2005-05-11 00:09:17.000000000 -0700
> @@ -251,7 +251,7 @@
> }
>
> /* Populate argv and envp */
> - p = current->mm->arg_start;
> + p = current->mm->arg_end = current->mm->arg_start;
> while (argc-- > 0) {
> size_t len;
> __put_user((elf_addr_t)p, argv++);
> @@ -1301,7 +1301,7 @@
> static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
> struct mm_struct *mm)
> {
> - int i, len;
> + unsigned int i, len;
>
> /* first copy the parameters from user space */
> memset(psinfo, 0, sizeof(struct elf_prpsinfo));
>
--
Paul Starzetz
iSEC Security Research
http://isec.pl/
