[PATCH] binfmt_elf: randomize PIE binaries (2nd try)

Randomizes -pie compiled binaries from 64k (0x10000) up to ELF_ET_DYN_BASE.

0 -> 64k is excluded to allow NULL ptr accesses to fail.

Signed-off-by: Marcus Meissner <meissner@suse.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index cc72bb43061d991edb60f809581f307b31bbd268..b2efbaead6c3154fd0f12b364cdea9b42fa5f65d 100644 (file)
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -856,7 +856,13 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
                         * default mmap base, as well as whatever program they
                         * might try to exec.  This is because the brk will
                         * follow the loader, and is not movable.  */
-                       load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+                       if (current->flags & PF_RANDOMIZE)
+                               load_bias = randomize_range(0x10000,
+                                                           ELF_ET_DYN_BASE,
+                                                           0);
+                       else
+                               load_bias = ELF_ET_DYN_BASE;
+                       load_bias = ELF_PAGESTART(load_bias - vaddr);
                }
 
                error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,