Subject: Re: NULL program argument checks?
To: Hubert Feyrer <hubert@feyrer.de>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 04/07/2006 09:53:35

On Thu, 6 Apr 2006, Hubert Feyrer wrote:

> I think this only happens if argc isn't consistent with argv[]. Looking at 
> the execl() etc. prototypes, it seems that "something" is calculating argc 
> automatically, and that an inconsistent argc can't be passed in maliciously 
> at least...

If execve doesn't carefully check its arguments, you could pass it an
argv consisting of ["foo", NULL, "bar"], and that would do it.

If our kernel does provide guarantees that there will be no NULLs in the
argv, this really ought to be documented. Even so, unless other systems
do this as well, it might be as well not to give the guarantee so that
our software won't break when used in other environments.

cjs
-- 
Curt Sampson            <cjs@cynic.net>             +81 90 7737 2974
   The power of accurate observation is commonly called cynicism
   by those who have not got it.    --George Bernard Shaw
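
Added example, not part of the original message or of any NetBSD code: a startup check a program can run itself, so that it does not depend on the kernel guaranteeing a consistent argc/argv as discussed in the thread above. The names `check_args` and `enum args_status` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes (hypothetical names, used only by this example). */
enum args_status {
    ARGS_OK = 0,
    ARGS_BAD_COUNT,     /* argv is NULL or argc < 1 (no program name) */
    ARGS_NULL_ENTRY,    /* some argv[i] with 0 <= i < argc is NULL */
    ARGS_NO_TERMINATOR  /* argv[argc] is not the NULL terminator */
};

/*
 * Verify that argc and argv agree before anything dereferences argv[i].
 * On failure, *bad_index (if non-NULL) receives the offending index,
 * or -1 when the problem is the count itself.
 */
enum args_status check_args(int argc, char *const argv[], int *bad_index)
{
    if (bad_index)
        *bad_index = -1;
    if (argv == NULL || argc < 1)
        return ARGS_BAD_COUNT;
    for (int i = 0; i < argc; i++) {
        if (argv[i] == NULL) {          /* e.g. ["foo", NULL, "bar"] */
            if (bad_index)
                *bad_index = i;
            return ARGS_NULL_ENTRY;
        }
    }
    if (argv[argc] != NULL) {           /* argc smaller than the real vector */
        if (bad_index)
            *bad_index = argc;
        return ARGS_NO_TERMINATOR;
    }
    return ARGS_OK;
}

int main(int argc, char *argv[])
{
    int bad;
    enum args_status st = check_args(argc, argv, &bad);
    if (st != ARGS_OK) {
        fprintf(stderr, "inconsistent argc/argv (status %d, index %d)\n",
                (int)st, bad);
        return 2;                       /* fail closed before using argv */
    }
    /* From here on, argv[0] .. argv[argc-1] are safe to dereference. */
    return 0;
}
```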