[laumars]

But again, the PDF would just open with the same program it would have regardless of whether it's called via binfmt_misc or not.

Besides, a much easier vector for attack in your example would be to create a shell script called "budget.pdf" since you then need to make fewer assumptions about the target. And since Linux doesn't care about file extensions, it's perfectly fine having a shebang prefixed script with a .pdf extension.

Which is one of many reasons why common advise is not to blindly run any executables you've just imported into your system.