Leaking path for search_binary_handler
Stephen Smalley
sds at tycho.nsa.gov
Wed Sep 26 12:59:38 UTC 2018
On 09/25/2018 01:27 PM, Tong Zhang wrote:
> Kernel Version: 4.18.5
>
> Problem Description:
>
> search_binary_handler() should be called after setting bprm using prepare_binprm(),
> and in prepare_binprm(), there’s a LSM hook security_bprm_set_creds(),
> which can make a decision that binfmt cares.
>
> We found a leaking path In fs/binfmt_misc.c:235, that don’t ask LSM’s decision.
Do you mean the MISC_FMT_CREDENTIALS case? That looks intentional to me,
as noted in the comment there, and as per
Documentation/admin-guide/binfmt-misc.rst's discussion of the
credentials flag.
More information about the Linux-security-module-archive
mailing list