Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Linux kernel ELF core dump privilege elevation
From: Paul Starzetz <ihaquer () isec pl>
Date: Wed, 11 May 2005 23:51:21 +0200 (CEST)

On Wed, 11 May 2005, Greg KH wrote:

that seems ok.

--- gregkh-2.6.orig/fs/binfmt_elf.c   2005-05-11 00:03:45.000000000 -0700
+++ gregkh-2.6/fs/binfmt_elf.c        2005-05-11 00:09:17.000000000 -0700
@@ -251,7 +251,7 @@
      }
 
      /* Populate argv and envp */
-     p = current->mm->arg_start;
+     p = current->mm->arg_end = current->mm->arg_start;
      while (argc-- > 0) {
              size_t len;
              __put_user((elf_addr_t)p, argv++);
@@ -1301,7 +1301,7 @@
 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
                     struct mm_struct *mm)
 {
-     int i, len;
+     unsigned int i, len;
      
      /* first copy the parameters from user space */
      memset(psinfo, 0, sizeof(struct elf_prpsinfo));


-- 
Paul Starzetz
iSEC Security Research
http://isec.pl/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault