Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Linux kernel ELF core dump privilege elevation
From: Paul Starzetz <ihaquer () isec pl>
Date: Wed, 11 May 2005 23:51:21 +0200 (CEST)
On Wed, 11 May 2005, Greg KH wrote:

that seems ok.


--- gregkh-2.6.orig/fs/binfmt_elf.c   2005-05-11 00:03:45.000000000 -0700
+++ gregkh-2.6/fs/binfmt_elf.c        2005-05-11 00:09:17.000000000 -0700
@@ -251,7 +251,7 @@
      }
 
      /* Populate argv and envp */
-     p = current->mm->arg_start;
+     p = current->mm->arg_end = current->mm->arg_start;
      while (argc-- > 0) {
              size_t len;
              __put_user((elf_addr_t)p, argv++);
@@ -1301,7 +1301,7 @@
 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
                     struct mm_struct *mm)
 {
-     int i, len;
+     unsigned int i, len;
      
      /* first copy the parameters from user space */
      memset(psinfo, 0, sizeof(struct elf_prpsinfo));



-- 
Paul Starzetz
iSEC Security Research
http://isec.pl/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]