Leaking path for search_binary_handler
From: Tong Zhang
Date: Tue Sep 25 2018 - 13:27:13 EST
Kernel Version: 4.18.5
Problem Description:
search_binary_handler() should be called after setting bprm using prepare_binprm(),
and in prepare_binprm(), thereâs a LSM hook security_bprm_set_creds(),
which can make a decision that binfmt cares.
We found a leaking path In fs/binfmt_misc.c:235, that donât ask LSMâs decision.
- Tong