Question about binfmt_elf.c

From: Rob Landley
Date: Fri Jul 16 2010 - 16:12:54 EST

Next message: Valerie Aurora: "Re: [PATCH 07/38] whiteout: Set S_OPAQUE inode flag when creating directories"
Previous message: Scott Wood: "Re: [PATCH v2] edac: mpc85xx: Add support for new MPCxxx/Pxxxx EDACcontrollers"
Next in thread: Andrew Morton: "Re: Question about binfmt_elf.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could somebody please update this comment to explain why fiddling with
strangely protected bss is _not_ an easy way to leak arbitrary amounts of
uninitalized kernel memory (with whatever previous contents they have) to
userspace?

nbyte = ELF_PAGEOFFSET(elf_bss);
if (nbyte) {
nbyte = ELF_MIN_ALIGN - nbyte;
if (nbyte > elf_brk - elf_bss)
nbyte = elf_brk - elf_bss;
if (clear_user((void __user *)elf_bss +
load_bias, nbyte)) {
/*
* This bss-zeroing can fail if the ELF
* file specifies odd protections. So
* we don't check the return value
*/
}
}

Just curious. Reading through the code and trying to understand it...

Rob
--
GPLv3: as worthy a successor as The Phantom Meanace, as timely as Duke Nukem
Forever, and as welcome as New Coke.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valerie Aurora: "Re: [PATCH 07/38] whiteout: Set S_OPAQUE inode flag when creating directories"
Previous message: Scott Wood: "Re: [PATCH v2] edac: mpc85xx: Add support for new MPCxxx/Pxxxx EDACcontrollers"
Next in thread: Andrew Morton: "Re: Question about binfmt_elf.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]