summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHugh Dickins <hugh@veritas.com>2006-04-17 22:46:32 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2006-04-17 14:52:57 -0700
commit00ec474c9bed7883f1b3e5f46e3bf09f7de69975 (patch)
treeec8007d1644004f2020c3491d395f545383da1c4
parent37863c8a9b7b0261ec76daad8afffe9ab5314794 (diff)
[PATCH] fix MADV_REMOVE vulnerability (CVE-2006-1524 for real this time)
madvise_remove needs to respect file and mmap protections. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--mm/madvise.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/madvise.c b/mm/madvise.c
index af3d573b0141..4e196155a0c3 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma,
return -EINVAL;
}
+ if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
+ return -EACCES;
+
mapping = vma->vm_file->f_mapping;
offset = (loff_t)(start - vma->vm_start)