[PATCH 0/5] exec: binfmt_misc: fix use-after-free, kill iname[BINPRM_BUF_SIZE]

From: Oleg Nesterov
Date: Fri Sep 22 2017 - 10:36:30 EST


Note: 5/5 depends on

-extern int bprm_change_interp(char *interp, struct linux_binprm *bprm);
+extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);

change in

[PATCH] exec: load_script: kill the onstack interp[BINPRM_BUF_SIZE] array
https://marc.info/?l=linux-kernel&m=150575251328591

I sent before.

Looks like this code was always wrong, then 948b701a607f ("binfmt_misc: add persistent
opened binary handler for containers") added more problems.

Oleg.

fs/binfmt_misc.c | 56 ++++++++++++++++++++++++++------------------------------
1 file changed, 26 insertions(+), 30 deletions(-)