From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752244AbdIVOgX (ORCPT ); Fri, 22 Sep 2017 10:36:23 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59596 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751851AbdIVOgW (ORCPT ); Fri, 22 Sep 2017 10:36:22 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EEC9C7D0CB Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=oleg@redhat.com Date: Fri, 22 Sep 2017 16:36:19 +0200 From: Oleg Nesterov To: Andrew Morton , Al Viro Cc: Ben Woodard , James Bottomley , Jim Foraker , Kees Cook , Travis Gummels , linux-kernel@vger.kernel.org Subject: [PATCH 0/5] exec: binfmt_misc: fix use-after-free, kill iname[BINPRM_BUF_SIZE] Message-ID: <20170922143619.GA17179@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 22 Sep 2017 14:36:22 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Note: 5/5 depends on -extern int bprm_change_interp(char *interp, struct linux_binprm *bprm); +extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm); change in [PATCH] exec: load_script: kill the onstack interp[BINPRM_BUF_SIZE] array https://marc.info/?l=linux-kernel&m=150575251328591 I sent before. Looks like this code was always wrong, then 948b701a607f ("binfmt_misc: add persistent opened binary handler for containers") added more problems. Oleg. fs/binfmt_misc.c | 56 ++++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 30 deletions(-)