kern/56673: don't allow execve with NULL argv

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/56673: don't allow execve with NULL argv
From: jschauma%netmeister.org@localhost
Date: Wed, 26 Jan 2022 15:55:01 +0000 (UTC)

>Number:         56673
>Category:       kern
>Synopsis:       don't allow execve with NULL argv
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 26 15:55:01 +0000 2022
>Originator:     Jan Schaumann
>Release:        
>Organization:
	
>Description:

As illustrated on Linux by e.g., https://seclists.org/oss-sec/2022/q1/80,
calling execve(2) with a NULL argv can have unexpected consequences.

OpenBSD, for example, does not permit exexcve with a NULL argv, but NetBSD
does.

I'd suggest to fail if the argv is NULL.

>How-To-Repeat:

$ cat <<EOF >a.c
#include <stdlib.h>
#include <unistd.h>

int main() {
	char *argv[]={ NULL };
	char *envp[]={ NULL };
	execve("/bin/sh", argv, envp);
	exit(42);
}
EOF
$ cc a.c
$ ./a.out

	
>Fix:

Prev by Date: kern/56672: i915drmkms hangs on boot
Next by Date: Re: kern/56673: don't allow execve with NULL argv
Previous by Thread: kern/56672: i915drmkms hangs on boot
Next by Thread: Re: kern/56673: don't allow execve with NULL argv
Indexes:

Home | Main Index | Thread Index | Old Index