| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Dec 2021 09:34:47 -0800
From: "H.J. Lu" <hjl.tools@...il.com>
To: linux-kernel@...r.kernel.org
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Alexey Dobriyan <adobriyan@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH] fs/binfmt_elf.c: disallow zero entry point address
According to gABI, the entry point address in the ELF header gives the
virtual address to which the system first transfers control, thus
starting the process. If the file has no associated entry point, this
member holds zero. Update the ELF loader to disallow an ELF binary
with zero entry point address. This fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=215303
Tested by booting Fedora 35 and running a shared library with zero entry
point address:
$ readelf -h load.so | grep "Entry point address:"
Entry point address: 0x0
$ ./load.so
bash: ./load.so: cannot execute binary file: Exec format error
$
Signed-off-by: H.J. Lu <hjl.tools@...il.com>
---
fs/binfmt_elf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index bd78587194dc..bb427c97dc02 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -850,6 +850,8 @@ static int load_elf_binary(struct linux_binprm *bprm)
if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
goto out;
+ if (elf_ex->e_entry == 0)
+ goto out;
if (!elf_check_arch(elf_ex))
goto out;
if (elf_check_fdpic(elf_ex))
--
2.33.1
Powered by blists - more mailing lists