Red Hat Bugzilla – Bug 193104
Kernel crash via malformed ELF executable
Last modified: 2007-11-30 17:07:25 EST
According to a posting from the Linux Kernel mailing list, it is possible to create
an ELF executable that will crash the running Linux kernel on execution:
The routine at the URL above is not a whole program. I added the following
main() function as follows:
    /* expects three arguments: input file, output file, number */
    main(int argc, char *argv[])
    {
        int rfd, wfd;
        if (argc != 4)
            exit(1);
        if ((rfd = open(argv[1], O_RDONLY)) < 0)
            exit(1);
        if ((wfd = open(argv[2], O_WRONLY | O_CREAT | O_TRUNC, 0777)) < 0)
            exit(1);
        ChangeElfHeader(rfd, wfd, strtoul(argv[3], (char **)0, 0));
    }
along with an include of <stdlib.h> and ran it according to the directions
in the LKML posting (on an x86_64 box). I then ran the resulting "runt"
ELF image. No crash occurred. The exec() simply failed with ENOMEM.
Closing as NOTABUG.
The whole program can be found in his own reply to his post. It contains an
additional finishWriting() routine.
Marcel, please attach the whole program that you think is capable of
reproducing the problem, and I'll retest it. Thanks in advance.
Created attachment 130248
Full source code of convertcore program
Thanks, Marcel. I've tried the complete test case on both i386 and x86_64
boxes, and neither produced a crash. Rather, the converted "executable"
simply incurred a segmentation violation.
Please try to reproduce simple problems like this in the future. Thanks
in advance, Marcel.