linux: allow for interpreter to be truncated

via https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb5b020a8d38f77209d0472a0fea755299a8ec78 see NixOS/nixpkgs#53672
NixOS · Feb 15, 2019 · f0b8a11 · f0b8a11
1 parent 13d1ba3
commit f0b8a11
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 0 deletions.
diff --git a/pkgs/os-specific/linux/kernel/interpreter-trunc.patch b/pkgs/os-specific/linux/kernel/interpreter-trunc.patch
@@ -0,0 +1,44 @@
+From cb5b020a8d38f77209d0472a0fea755299a8ec78 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu, 14 Feb 2019 15:02:18 -0800
+Subject: Revert "exec: load_script: don't blindly truncate shebang string"
+
+This reverts commit 8099b047ecc431518b9bb6bdbba3549bbecdc343.
+
+It turns out that people do actually depend on the shebang string being
+truncated, and on the fact that an interpreter (like perl) will often
+just re-interpret it entirely to get the full argument list.
+
+Reported-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
+Acked-by: Kees Cook <keescook@chromium.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ fs/binfmt_script.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c
+index d0078cbb718b..7cde3f46ad26 100644
+--- a/fs/binfmt_script.c
++++ b/fs/binfmt_script.c
+@@ -42,14 +42,10 @@ static int load_script(struct linux_binprm *bprm)
+ 	fput(bprm->file);
+ 	bprm->file = NULL;
+
+-	for (cp = bprm->buf+2;; cp++) {
+-		if (cp >= bprm->buf + BINPRM_BUF_SIZE)
+-			return -ENOEXEC;
+-		if (!*cp || (*cp == '\n'))
+-			break;
+-	}
++	bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
++	if ((cp = strchr(bprm->buf, '\n')) == NULL)
++		cp = bprm->buf+BINPRM_BUF_SIZE-1;
+ 	*cp = '\0';
+-
+ 	while (cp > bprm->buf) {
+ 		cp--;
+ 		if ((*cp == ' ') || (*cp == '\t'))
+-- 
+cgit 1.2-0.3.lf.el7
+
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
@@ -57,4 +57,11 @@ rec {
       sha256 = "1l8xq02rd7vakxg52xm9g4zng0ald866rpgm8kjlh88mwwyjkrwv";
     };
   };
+
+  # https://github.com/NixOS/nixpkgs/issues/53672
+  # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb5b020a8d38f77209d0472a0fea755299a8ec78
+  interpreter-trunc = {
+    name = "interpreter-trunc";
+    patch = ./interpreter-trunc.patch;
+  };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -14576,27 +14576,31 @@ in
         # when adding a new linux version
         kernelPatches.cpu-cgroup-v2."4.11"
         kernelPatches.modinst_arg_list_too_long
+        kernelPatches.interpreter-trunc
       ];
   };
 
   linux_4_19 = callPackage ../os-specific/linux/kernel/linux-4.19.nix {
     kernelPatches =
       [ kernelPatches.bridge_stp_helper
         kernelPatches.modinst_arg_list_too_long
+        kernelPatches.interpreter-trunc
       ];
   };
 
   linux_4_20 = callPackage ../os-specific/linux/kernel/linux-4.20.nix {
     kernelPatches =
       [ kernelPatches.bridge_stp_helper
         kernelPatches.modinst_arg_list_too_long
+        kernelPatches.interpreter-trunc
       ];
   };
 
   linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix {
     kernelPatches = [
       kernelPatches.bridge_stp_helper
       kernelPatches.modinst_arg_list_too_long
+      kernelPatches.interpreter-trunc
     ];
   };
 
@@ -14611,6 +14615,7 @@ in
     kernelPatches = [
       kernelPatches.bridge_stp_helper
       kernelPatches.modinst_arg_list_too_long
+      kernelPatches.interpreter-trunc
     ];
   };