On Tue, May 29, 2018 at 03:08:54PM -0700, Andrew Morton wrote:
> On Tue, 29 May 2018 10:56:48 -0300 Thadeu Lima de Souza Cascardo cascardo@canonical.com wrote:
>
> > It's possible to overflow the offset to get a negative value, which might crash the system, or possibly leak kernel data.
>
> I think the missing information here is "when registering a new binfmt_misc binary type", yes?

Yes, when registering a new type.

[...]

> > Cc: stable@vger.kernel.org
>
> Registering a handler is a privileged operation. As such, I don't think a -stable backport is needed?

Not when we take containers in mind. We might question the permission to mount a binfmt_misc inside a container, that may already have left open other ways of exploiting the system. But I would rather see this closed on my stable systems.

Cascardo.