Allow recursion in binfmt_script and binfmt_misc
binfmt_script and binfmt_misc disallow recursion to avoid stack overflow using sh_bang and misc_bang. It causes problem in some cases: $ echo '#!/bin/ls' > /tmp/t0 $ echo '#!/tmp/t0' > /tmp/t1 $ echo '#!/tmp/t1' > /tmp/t2 $ chmod +x /tmp/t* $ /tmp/t2 zsh: exec format error: /tmp/t2 Similar problem with binfmt_misc. This patch introduces field 'recursion_depth' into struct linux_binprm to track recursion level in binfmt_misc and binfmt_script. If recursion level more then BINPRM_MAX_RECURSION it generates -ENOEXEC. [akpm@linux-foundation.org: make linux_binprm.recursion_depth a uint] Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Cc: Pavel Emelyanov <xemul@openvz.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Kirill A. Shutemov
committed by
Linus Torvalds
Linus Torvalds
parent
53112488be
commit
bf2a9a3963
@@ -39,6 +39,7 @@ struct linux_binprm{
|
||||
#ifdef __alpha__
|
||||
unsigned int taso:1;
|
||||
#endif
|
||||
unsigned int recursion_depth;
|
||||
struct file * file;
|
||||
int e_uid, e_gid;
|
||||
kernel_cap_t cap_post_exec_permitted;
|
||||
@@ -61,6 +62,7 @@ struct linux_binprm{
|
||||
#define BINPRM_FLAGS_EXECFD_BIT 1
|
||||
#define BINPRM_FLAGS_EXECFD (1 << BINPRM_FLAGS_EXECFD_BIT)
|
||||
|
||||
#define BINPRM_MAX_RECURSION 4
|
||||
|
||||
/*
|
||||
* This structure defines the functions that are used to load the binary formats that
|
||||
|
||||
Reference in New Issue
Block a user