Red Hat Bugzilla – Bug 134981
CAN-2004-0138 Program crashes the kernel
Last modified: 2007-11-30 17:07:04 EST
Description of problem:
Kernel crash (somewhere in binfmt...)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Unzip the attached zip file
2. run the program, or
2a. run "ldd program"
Crashes the kernel
It just fails
Unable to load interpreter
request_moduloe[binfmt-464c]: wiatpid(2727,...) failed, errno 512
memory.c:553: bad pgd 000001011a22d000(706d617473656d69)
However, it only hangs crash.out there, not the system.
urk... the problem is that the main binary is a 64-bit image, but it
links to a 32-bit loader and shared library (probably because it's
looking for things in /lib rather than in /lib64). I don't know HOW
it manages to smash these different flavors together into one image,
but it does. That's why we're going nuts in "load_elf**32**_binary()"
even though it's a 64-bit main image.
RHEL4 manages to correctly reject this mongrel binary, and it
shouldn't be hard to add similar checks to RHEL3.
Created attachment 105318 [details]
Patch that fixes this bug
I lifted this patch from 2.6; it's an extra sanity check in load_elf_binary()
to ensure that the ELF interpreter is of an arch compatible with the main
program. I tested it and it fixes the problem. Now when you attempt to run
the test program you get the message:
-bash: ./crash.out: Accessing a corrupted shared library
A fix for this problem has just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-25.EL).
*** Bug 127915 has been marked as a duplicate of this bug. ***
The fix for this problem has also been committed to the RHEL3 E4
patch pool this evening (in kernel version 2.4.21-20.0.1.EL).
The correct CVE name for this issue is CVE-2004-0138.