NetBSD-Bugs archive


Re: kern/56673: don't allow execve with NULL argv



Martin Husemann <martin%duskware.de@localhost> wrote:
>  On Wed, Jan 26, 2022 at 03:55:01PM +0000, jschauma%netmeister.org@localhost wrote:
>  > I'd suggest to fail if the argv is NULL.
>  
>  I'm ambivalent here. Posix does allow it and the behaviour is well defined
>  (if I didn't miss something).
>  
>  And setuid programs with stupid casts to unsigned (probably just added
>  there to silence the compiler warning) are dangerous - and this is not
>  a kernel issue.
>  
>  On the other hand there is probably no reasonable code out there that would
>  use this, so rejecting it might be ok.

If POSIX doesn't _require_ us to accept a NULL argv,
then I think it's reasonable to reject it:

,----[ https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html ]
| Early proposals required that the value of argc passed
| to main() be "one or greater". This was driven by the
| same requirement in drafts of the ISO C standard. In
| fact, historical implementations have passed a value
| of zero when no arguments are supplied to the caller
| of the exec functions. This requirement was removed
| from the ISO C standard and subsequently removed from
| this volume of POSIX.1-2017 as well. The wording, in
| particular the use of the word should, requires a
| Strictly Conforming POSIX Application to pass at least
| one argument to the exec function, thus guaranteeing
| that argc be one or greater when invoked by such an
| application. In fact, this is good practice, since
| many existing applications reference argv[0] without
| first checking the value of argc.
`----

Just seems like the safer thing to do in the absence
of a valid use case of a NULL argv.
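As an added example (not code from the PR or from NetBSD), here is the userland side of the argc == 0 case the quoted POSIX text warns about: a progname() helper that checks argc before touching argv[0], beside the unsigned-cast pattern Martin mentions, in its unsafe form and a clamped form. The function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helpers for a program that may be started with an empty
 * argv (e.g. via execve(path, NULL, envp) on implementations that accept
 * it). In that case main() sees argc == 0 and argv[0] == NULL.
 */

/* Return argv[0], or a fallback when no program name was passed. */
static const char *
progname(int argc, char *const argv[], const char *fallback)
{
	/* With argc == 0, argv[0] is the NULL terminator, not a name. */
	if (argc < 1 || argv == NULL || argv[0] == NULL)
		return fallback;
	return argv[0];
}

/* Unsafe: the cast hides that argc - 1 is negative when argc == 0. */
static unsigned
nargs_unsafe(int argc)
{
	return (unsigned)(argc - 1);	/* argc == 0 wraps to UINT_MAX */
}

/* Safe: clamp before converting, so an empty argv yields zero args. */
static unsigned
nargs_safe(int argc)
{
	return argc > 0 ? (unsigned)(argc - 1) : 0u;
}

int
main(int argc, char *argv[])
{
	printf("%s: %u argument(s)\n", progname(argc, argv, "prog"),
	    nargs_safe(argc));
	return 0;
}
```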


