Re: kern/56673: don't allow execve with NULL argv

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jschauma%netmeister.org@localhost
Subject: Re: kern/56673: don't allow execve with NULL argv
From: Jan Schaumann <jschauma%netmeister.org@localhost>
Date: Mon, 31 Jan 2022 14:15:01 +0000 (UTC)

The following reply was made to PR kern/56673; it has been noted by GNATS.

From: Jan Schaumann <jschauma%netmeister.org@localhost>
To: Robert Elz <kre%munnari.OZ.AU@localhost>
Cc: Joerg Sonnenberger <joerg%bec.de@localhost>, gnats-bugs%netbsd.org@localhost,
	kern-bug-people%netbsd.org@localhost
Subject: Re: kern/56673: don't allow execve with NULL argv
Date: Mon, 31 Jan 2022 09:11:50 -0500

 Robert Elz <kre%munnari.OZ.AU@localhost> wrote:

 > I doubt fixing breakage here would be very hard, finding refs
 > to refs of argv[0] isn't all that difficult.   This also is not
 > urgent, I'm not aware af anything that calls any of the exec()
 > functions without giving a value for argv[0] - is anyone?

 Are you asking for calls in base or for _any_ example?

 The polkit vulnerabiity (CVE-2021-4034)) that prompted
 me to open this PR is an example.  polkit is available
 via pkgsrc, so conceivably vulnerable on NetBSD
 (although I haven't verified it).

 -Jan

Follow-Ups:
- Re: kern/56673: don't allow execve with NULL argv
  - From: Christos Zoulas

Prev by Date: Re: lib/56622: Improve libedit compatibility with readline related to rl_readline_state
Next by Date: PR/56622 CVS commit: src/lib/libedit
Previous by Thread: Re: kern/56673: don't allow execve with NULL argv
Next by Thread: Re: kern/56673: don't allow execve with NULL argv
Indexes:

Home | Main Index | Thread Index | Old Index