From 75eb8a146de8db0240e2eb3434074c700da2ba3c Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 7 Apr 2019 19:08:18 +0200 Subject: [PATCH] kernel: Deactivate CONFIG_BINFMT_MISC CONFIG_BINFMT_MISC allows it to add support for new executable formats to the kernel from user space, the kernel will then detect for example a java binary and call the java execution program automatically. I am not aware that this feature is used in OpenWrt and this could be used to exploit something. Deactivate it for all targets for now. Signed-off-by: Hauke Mehrtens --- target/linux/gemini/config-4.14 | 1 - target/linux/gemini/config-4.19 | 1 - target/linux/omap/config-4.14 | 1 - target/linux/sunxi/config-4.14 | 1 - target/linux/sunxi/config-4.19 | 1 - target/linux/uml/config/x86_64 | 1 - target/linux/x86/config-4.14 | 1 - target/linux/x86/config-4.19 | 1 - 8 files changed, 8 deletions(-) diff --git a/target/linux/gemini/config-4.14 b/target/linux/gemini/config-4.14 index 9a7e9240e5..8dddf02018 100644 --- a/target/linux/gemini/config-4.14 +++ b/target/linux/gemini/config-4.14 @@ -44,7 +44,6 @@ CONFIG_ATA=y CONFIG_ATAGS=y CONFIG_ATA_VERBOSE_ERROR=y CONFIG_AUTO_ZRELADDR=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_MQ_PCI=y CONFIG_BLK_SCSI_REQUEST=y diff --git a/target/linux/gemini/config-4.19 b/target/linux/gemini/config-4.19 index d9b9cd7316..745bad67da 100644 --- a/target/linux/gemini/config-4.19 +++ b/target/linux/gemini/config-4.19 @@ -44,7 +44,6 @@ CONFIG_ATA=y CONFIG_ATAGS=y CONFIG_ATA_VERBOSE_ERROR=y CONFIG_AUTO_ZRELADDR=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_MQ_PCI=y CONFIG_BLK_SCSI_REQUEST=y diff --git a/target/linux/omap/config-4.14 b/target/linux/omap/config-4.14 index 795ff758e3..67a33d2b23 100644 --- a/target/linux/omap/config-4.14 +++ b/target/linux/omap/config-4.14 @@ -68,7 +68,6 @@ CONFIG_BACKLIGHT_LCD_SUPPORT=y # CONFIG_BACKLIGHT_PWM is not set # CONFIG_BACKLIGHT_TPS65217 is not set CONFIG_BCH=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 diff --git a/target/linux/sunxi/config-4.14 b/target/linux/sunxi/config-4.14 index d7d9f60a6d..ab7dc9c9b8 100644 --- a/target/linux/sunxi/config-4.14 +++ b/target/linux/sunxi/config-4.14 @@ -65,7 +65,6 @@ CONFIG_AXP20X_POWER=y CONFIG_BACKLIGHT_CLASS_DEVICE=y CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_BACKLIGHT_PWM=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_SCSI_REQUEST=y diff --git a/target/linux/sunxi/config-4.19 b/target/linux/sunxi/config-4.19 index c684c04e17..ef5e1b28d3 100644 --- a/target/linux/sunxi/config-4.19 +++ b/target/linux/sunxi/config-4.19 @@ -73,7 +73,6 @@ CONFIG_AXP20X_POWER=y CONFIG_BACKLIGHT_CLASS_DEVICE=y CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_BACKLIGHT_PWM=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_SCSI_REQUEST=y diff --git a/target/linux/uml/config/x86_64 b/target/linux/uml/config/x86_64 index 22fc8fb7e0..7223edd8a2 100644 --- a/target/linux/uml/config/x86_64 +++ b/target/linux/uml/config/x86_64 @@ -10,7 +10,6 @@ CONFIG_ARCH_HAS_KCOV=y # CONFIG_ARCH_OPTIONAL_KERNEL_RWX is not set # CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT is not set # CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA is not set -CONFIG_BINFMT_MISC=m CONFIG_BLK_DEV_COW_COMMON=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_UBD=y diff --git a/target/linux/x86/config-4.14 b/target/linux/x86/config-4.14 index c31783eb8f..ae96e4d97a 100644 --- a/target/linux/x86/config-4.14 +++ b/target/linux/x86/config-4.14 @@ -54,7 +54,6 @@ CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_ATA=y CONFIG_ATA_GENERIC=y CONFIG_ATA_PIIX=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_MQ_PCI=y diff --git a/target/linux/x86/config-4.19 b/target/linux/x86/config-4.19 index 80a94b24d3..d395876955 100644 --- a/target/linux/x86/config-4.19 +++ b/target/linux/x86/config-4.19 @@ -53,7 +53,6 @@ CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_ATA=y CONFIG_ATA_GENERIC=y CONFIG_ATA_PIIX=y -CONFIG_BINFMT_MISC=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_MQ_PCI=y