• Kees Cook's avatar
    exec: use -ELOOP for max recursion depth · d7402698
    Kees Cook authored
    To avoid an explosion of request_module calls on a chain of abusive
    scripts, fail maximum recursion with -ELOOP instead of -ENOEXEC. As soon
    as maximum recursion depth is hit, the error will fail all the way back
    up the chain, aborting immediately.
    
    This also has the side-effect of stopping the user's shell from attempting
    to reexecute the top-level file as a shell script. As seen in the
    dash source:
    
            if (cmd != path_bshell && errno == ENOEXEC) {
                    *argv-- = cmd;
                    *argv = cmd = path_bshell;
                    goto repeat;
            }
    
    The above logic was designed for running scripts automatically that lacked
    the "#!" header, not to re-try failed recursion. On a legitimate -ENOEXEC,
    things continue to behave as the shell expects.
    
    Additionally, when tracking recursion, the binfmt handlers should not be
    involved. The recursion being tracked is the depth of calls through
    search_binary_handler(), so that function should be exclusively responsible
    for tracking the depth.
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: halfdog <me@halfdog.net>
    Cc: P J P <ppandit@redhat.com>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    d7402698
exec.c 39.2 KB