Skip to content

L
linux
Commit c1e4dd14 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Willy Tarreau
Browse files
Options

[PATCH] Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848) 

This fixes a vulnerability in the "parent process death signal"
implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd.
and iSEC Security Research.

http://marc.info/?l=bugtraq&m=118711306802632&w=2Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent 1cf05c27
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 4 deletions
fs/exec.c
View file @ c1e4dd14
......@@ -881,9 +881,12 @@ int flush_old_exec(struct linux_binprm * bprm)
*/
current->mm->task_size = TASK_SIZE;
if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
file_permission(bprm->file, MAY_READ) ||
(bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
suid_keys(current);
current->mm->dumpable = suid_dumpable;
current->pdeath_signal = 0;
} else if (file_permission(bprm->file, MAY_READ) ||
(bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
suid_keys(current);
current->mm->dumpable = suid_dumpable;
}
......@@ -974,8 +977,10 @@ void compute_creds(struct linux_binprm *bprm)
{
int unsafe;
if (bprm->e_uid != current->uid)
if (bprm->e_uid != current->uid) {
suid_keys(current);
current->pdeath_signal = 0;
}
exec_keys(current);
task_lock(current);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7