[PATCH] [CAN-2004-1144] Fix int 0x80 hole in 2.4 x86-64 linux kernels

From: Andi Kleen
Date: Wed Dec 22 2004 - 12:59:25 EST

Petr Vandrovec discovered an exploitable root hole on all 2.4 x86-64 kernels.
The problem occurs because the eax register on the 32bit int 0x80 syscall
handler is not properly 64bit zero extended, which can be used to overflow the
system call table.

The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this
hole because some unrelated changes in 2.5 fixed it as a side effect.

Marcelo should be releasing a new pre* kernel with this fix
shortly; there should also be updated kernels from the various
Linux distributions.

It is recommended that everybody who runs a 2.4 x86-64 kernel with
shell user access update to a kernel which has this patch applied.

Patch is for 2.4.29pre2, but should apply to pretty much any
2.4.x x86-64 kernel.


diff -u linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S-o linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S
--- linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S-o 2004-11-06 07:37:32.000000000 +0100
+++ linux-2.4.29pre2/arch/x86_64/ia32/ia32entry.S 2004-12-22 18:49:05.000000000 +0100
@@ -52,6 +52,7 @@
+ movl %eax,%eax
pushq %rax
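Review bot: the added `movl %eax,%eax` looks like a no-op and deserves a comment in the hunk explaining that a 32-bit move zero-extends into the full 64-bit %rax, so that the upper half of the user-controlled register is cleared before `pushq %rax` saves it and before the value is used as a system call number; without such a comment a later cleanup could drop the instruction as redundant and silently reopen the hole described in the message. It would also be worth stating in the commit text that the same check applies to every other entry point into the 32-bit syscall path, since the hunk as shown only covers the int 0x80 entry.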
