Last active
August 29, 2015 14:06
-
-
Save bof/40b8e035f73c7d846ec0 to your computer and use it in GitHub Desktop.
shellshock mitigating kernel patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- linux-3.10.40/fs/binfmt_elf.c 2014-05-13 14:00:04.000000000 +0200 | |
+++ linux-3.10.40-shellshock/fs/binfmt_elf.c 2014-09-30 08:40:06.616396236 +0200 | |
@@ -307,11 +307,37 @@ | |
current->mm->arg_end = current->mm->env_start = p; | |
while (envc-- > 0) { | |
size_t len; | |
+ size_t shock_len; | |
+ char *shock_p, shock[48], shock_comm[sizeof(current->comm)]; | |
if (__put_user((elf_addr_t)p, envp++)) | |
return -EFAULT; | |
len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); | |
if (!len || len > MAX_ARG_STRLEN) | |
return -EINVAL; | |
+ shock_len = len; | |
+ if (shock_len > sizeof(shock)) | |
+ shock_len = sizeof(shock); | |
+ if (!copy_from_user(shock, (void __user *)p, shock_len)) { | |
+ shock[sizeof(shock)-1] = '\0'; | |
+ for (shock_p = shock; *shock_p; shock_p++) { | |
+ if (shock_p[0] != '=') { | |
+ continue; | |
+ } | |
+ if ( shock_p[1] != '(' | |
+ || shock_p[2] != ')' | |
+ || shock_p[3] != ' ' | |
+ || shock_p[4] != '{') { | |
+ break; | |
+ } | |
+ envp--; | |
+ printk(KERN_ERR "shocked by '%.*s=...' from UID %u PID %u [%s] - ignoring...\n", | |
+ (int)(shock_p-shock), shock, | |
+ from_kuid_munged(cred->user_ns, cred->euid), | |
+ current->pid, | |
+ get_task_comm(shock_comm, current)); | |
+ break; | |
+ } | |
+ } | |
p += len; | |
} | |
if (__put_user(0, envp)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Third revision: