Linuxpedia

< Back to index

binfmt_misc is a Linux kernel module which allows new executable file formats to be registered without recompiling the kernel, using a /proc interface. This allows rules to be defined which allow arbitrary files to be executed.

How it Works

If the binfmt_misc module is loaded, then the binfmt_misc filesystem can be mounted, like so:

mount -t binfmt_misc none /proc/sys/fs/binfmt_misc

Or with an entry in /etc/fstab:

none /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0

If the binfmt_misc filesystem is properly mounted, then the following files will exist in /proc/sys/fs/binfmt_misc:

--w------- 1 root root 0 register
-rw-r--r-- 1 root root 0 status

When the status file is read, it indicates the status of the binfmt_misc module: either "enabled" or "disabled." It can also be written: '1' enables, '0' disables, and '-1' clears all of the registered executable formats.

Writing a line to the register file will cause a new binary format to be registered. The line must be of the form:

:name:type:offset:magic:mask:interpreter:

name is the name of the new binary format. type is either E or M. If it is E, then the executable file format is identified by its file extension. If it is M, then the executable file format is identified by a magic number near the beginning of the file. If the type is E, then magic is the file extension to be associated with the binary format, and offset and mask should be left empty. Otherwise, magic is the magic number identifying the binary format, offset is the offset at which the magic number should be found in the file, and mask is bitwise ANDed with the magic string from the file, the result being that bits which are unset in the mask are ignored in the comparison to the magic.

interpreter is a path to an executable. When a file using a binfmt_misc-registered executable format is executed, this program is run with the executable as an argument.

When an executable file format is registered, a file with the name given to 'register' is created in the /proc/sys/fs/binfmt_misc directory. This file can be read to get information about the file format.

Examples

HTML

# cd /proc/sys/fs/binfmt_misc
# echo ':HTML:E::html::/usr/bin/firefox:' > register
# cat HTML
enabled
interpreter /usr/bin/firefox
flags:
extension .html
# cd
# chmod +x foo.html
# ./foo.html
-- If all goes well, Firefox opens foo.html --

Java

# cd /proc/sys/fs/binfmt_misc
# echo ':Java:M::\xca\xfe\xba\xbe::/usr/local/java/bin/javawrapper:' > register
(N.B.: Put something sensible in /usr/local/java/bin/javawrapper.)
# cat Java
enabled
interpreter /usr/local/java/bin/javawrapper
flags:
offset 0
magic cafebabe
# cd
# chmod +x foo.jar
# ./foo.jar
-- If all goes well, foo.jar executes --

This entry uses material from from Wikipedia, the leading user-contributed encyclopedia. It is licensed under the GNU Free Documentation License. Disclaimer.