re: kern/56673: don't allow execve with NULL argv

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jschauma%netmeister.org@localhost
Subject: re: kern/56673: don't allow execve with NULL argv
From: matthew green <mrg%eterna.com.au@localhost>
Date: Sun, 30 Jan 2022 23:55:02 +0000 (UTC)

The following reply was made to PR kern/56673; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: Jan Schaumann <jschauma%netmeister.org@localhost>
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
    netbsd-bugs%netbsd.org@localhost, gnats-bugs%netbsd.org@localhost
Subject: re: kern/56673: don't allow execve with NULL argv
Date: Mon, 31 Jan 2022 10:53:46 +1100

 Jan Schaumann writes:
 > If we already reject argv == NULL itself, as noted by
 > mrg@, then I really don't see a good argument to allow
 >
 >     char *argv[1] = { 0 };
 >
 > POSIX does not appear to prohibit enforcing argv[0] to
 > be non-NULL, and while it may at the same time _allow_
 > argv[0] == NULL, it strikes me as entirely reasonable
 > to prevent what almost inevitably is problematic.
 >
 > While we can fix all code in the NetBSD source tree to
 > not assume argv[0] != NULL, we cannot do the same for
 > all add-on software.  Preventing errant use of
 > (albeit permissible) coding errors makes for a more
 > robust OS.
 
 while kre is technically correct that the "should" and
 "shall" usage in the standard enables the current method,
 the RATIONALE is pretty clear on what they prefer and
 explicitly call out the accessing argv[0] issue.
 
    The wording, in particular the use of the word should,
    requires a Strictly Conforming POSIX Application to
    pass at least one argument to the exec function, thus
    guaranteeing that argc be one or greater when invoked
    by such an application. In fact, this is good practice,
    since many existing applications reference argv[0]
    without first checking the value of argc.
 
 i'm failing to see any real benefit for this *except* if
 you have an existing binary that relies upon this, though
 i'd really like to understand this if it were true (and
 why, if only to understand what went wrong...)
 
 i think it's folly to try to fix every argv[0] usage in
 the world.  there's probably new code written every day
 that assumes argv[0] is valid.
 
 i'm open to a sysctl to enable the existing usage for
 anyone that absolutely needs it.
 
 
 .mrg.

Follow-Ups:
- Re: kern/56673: don't allow execve with NULL argv
  - From: Joerg Sonnenberger

Prev by Date: re: kern/56673: don't allow execve with NULL argv
Next by Date: Re: kern/56673: don't allow execve with NULL argv
Previous by Thread: Re: kern/56673: don't allow execve with NULL argv
Next by Thread: Re: kern/56673: don't allow execve with NULL argv
Indexes:

Home | Main Index | Thread Index | Old Index