Skip to content

Commit

Permalink
Revert "exec: load_script: don't blindly truncate shebang string"
Browse files Browse the repository at this point in the history 
This reverts commit 8099b04.

It turns out that people do actually depend on the shebang string being
truncated, and on the fact that an interpreter (like perl) will often
just re-interpret it entirely to get the full argument list.

Reported-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Linus Torvalds committed Feb 14, 2019
1 parent 23e93c9 commit cb5b020
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions fs/binfmt_script.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,10 @@ static int load_script(struct linux_binprm *bprm)
fput(bprm->file);
bprm->file = NULL;

for (cp = bprm->buf+2;; cp++) {
if (cp >= bprm->buf + BINPRM_BUF_SIZE)
return -ENOEXEC;
if (!*cp || (*cp == '\n'))
break;
}
bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
if ((cp = strchr(bprm->buf, '\n')) == NULL)
cp = bprm->buf+BINPRM_BUF_SIZE-1;
*cp = '\0';

while (cp > bprm->buf) {
cp--;
if ((*cp == ' ') || (*cp == '\t'))
Expand Down

0 comments on commit cb5b020

Please sign in to comment.