diff -ur linux-2.4.27-gentoo-r3/fs/binfmt_elf.c linux-2.4.27-gentoo-r4/fs/binfmt_elf.c --- linux-2.4.27-gentoo-r3/fs/binfmt_elf.c 2004-11-20 14:00:14.547133232 +0000 +++ linux-2.4.27-gentoo-r4/fs/binfmt_elf.c 2004-11-20 13:59:42.415018056 +0000 @@ -308,9 +308,12 @@ goto out; retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); - error = retval; - if (retval < 0) + error = -EIO; + if (retval != size) { + if (retval < 0) + error = retval; goto out_close; + } eppnt = elf_phdata; for (i=0; ie_phnum; i++, eppnt++) { @@ -686,8 +689,11 @@ goto out; retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); - if (retval < 0) + if (retval != size) { + if (retval >= 0) + retval = -EIO; goto out_free_ph; + } files = current->files; /* Refcounted so ok */ retval = unshare_files(); @@ -724,7 +730,8 @@ */ retval = -ENOMEM; - if (elf_ppnt->p_filesz > PATH_MAX) + if (elf_ppnt->p_filesz > PATH_MAX || + elf_ppnt->p_filesz == 0) goto out_free_file; elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, GFP_KERNEL); @@ -734,8 +741,16 @@ retval = kernel_read(bprm->file, elf_ppnt->p_offset, elf_interpreter, elf_ppnt->p_filesz); - if (retval < 0) + if (retval != elf_ppnt->p_filesz) { + if (retval >= 0) + retval = -EIO; goto out_free_interp; + } + /* make sure path is NULL terminated */ + retval = -EINVAL; + if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') + goto out_free_interp; + /* If the program interpreter is one of these two, * then assume an iBCS2 image. Otherwise assume * a native linux image. @@ -754,8 +769,11 @@ if (IS_ERR(interpreter)) goto out_free_interp; retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); - if (retval < 0) + if (retval != BINPRM_BUF_SIZE) { + if (retval >= 0) + retval = -EIO; goto out_free_dentry; + } /* Get the exec headers */ interp_ex = *((struct exec *) bprm->buf); 
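Review bot: The short-read checks added in the `@@ -308`, `@@ -686` and `@@ -754` hunks carry no comment saying why a partial kernel_read() must be fatal, and the reason is security-relevant: on a short read the tail of the destination keeps whatever it held before and would then be parsed as ELF headers. For `bprm->buf` that is presumably the main executable's header; for `elf_phdata` it is whatever the allocation outside the hunk left there. I would add above each check something like `/* short read: the tail of the buffer is stale, never parse it */`. The `@@ -308` hunk presets `error = -EIO` and overrides it on failure, while the other two rewrite `retval` only when it is non-negative; one form throughout would make the three sites easier to audit. The declaration of `size` is outside these hunks, so the signedness of `retval != size` should be confirmed.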
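Review bot: In the `@@ -724` hunk the new `elf_ppnt->p_filesz == 0` rejection inherits `retval = -ENOMEM` from the line above, so a malformed interpreter-path length is reported to the caller as an allocation failure. I would set `retval = -ENOEXEC;` before the length test and move `retval = -ENOMEM;` to just before the `kmalloc()` call, so the two failure causes stay distinguishable in logs and audit trails. A length of 1 still passes this test and yields an empty path string; whether that is rejected depends on the open call outside the hunk, so `elf_ppnt->p_filesz < 2` may be the tighter bound.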
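Review bot: The index `elf_ppnt->p_filesz - 1` in the `@@ -734` hunk is only in bounds because the `@@ -724` hunk rejects a zero `p_filesz`, and nothing at the use site records that dependency. If the earlier test is ever relaxed, the subtraction wraps and the termination check itself becomes an out-of-bounds read. I would extend the comment to `/* make sure path is NUL-terminated; p_filesz != 0 was checked before the kmalloc, so p_filesz - 1 cannot wrap */`, which also corrects "NULL" to "NUL". The -EINVAL chosen here differs from the -ENOMEM used for the neighbouring length check on the same field; a single errno for a malformed interpreter segment would be more consistent.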
@@ -967,7 +985,10 @@ #endif if (BAD_ADDR(error)) - continue; + { + send_sig(SIGKILL, current, 0); + goto out_free_dentry; + } /* PaX: mirror at a randomized base */ down_write(¤t->mm->mmap_sem); @@ -1008,7 +1029,10 @@ { error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); if (BAD_ADDR(error)) - continue; + { + send_sig(SIGKILL, current, 0); + goto out_free_dentry; + } } if (!load_addr_set) { Only in linux-2.4.27-gentoo-r4/fs: binfmt_elf.c.orig
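Review bot: Both new failure paths (`@@ -967` and `@@ -1008`) jump to `out_free_dentry` without assigning `retval`, so the value handed back to the caller is whatever earlier code outside the hunks left there, possibly a success value. The SIGKILL guarantees that the partially mapped image never runs, but I would still set the code explicitly, for example `retval = IS_ERR((void *)error) ? PTR_ERR((void *)error) : -EINVAL;` before the `goto`. A short comment such as `/* a segment failed to map after the old image was torn down; the process cannot continue */` would explain why the signal is sent instead of returning an error alone. The opening brace on its own line after `if (BAD_ADDR(error))` departs from the brace placement used by the other hunks in this patch (`if (...) {`).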