提交 69cf0fac 编写于 作者: H Hugh Dickins 提交者: Linus Torvalds

[PATCH] Fix MADV_REMOVE protection checking

madvise_remove needs to respect file and mmap protections.
Signed-off-by: NHugh Dickins <hugh@veritas.com>
[ Will the real CVE-2006-1524 stand up, please.. ]
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
上级 e14d95f7
...@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma, ...@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma,
return -EINVAL; return -EINVAL;
} }
if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
return -EACCES;
mapping = vma->vm_file->f_mapping; mapping = vma->vm_file->f_mapping;
offset = (loff_t)(start - vma->vm_start) offset = (loff_t)(start - vma->vm_start)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册