NetBSD-Bugs archive
Re: kern/56673: don't allow execve with NULL argv
The following reply was made to PR kern/56673; it has been noted by GNATS.
From: Christos Zoulas <christos%zoulas.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: kern-bug-people%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost,
jschauma%netmeister.org@localhost
Subject: Re: kern/56673: don't allow execve with NULL argv
Date: Mon, 31 Jan 2022 09:41:14 -0500
I see this as an instance of a non-conforming environment as described in:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html

It was the case in the past that we did not deal with 0, 1, 2 being closed,
but now we do, at least for set*id executables. The fact that the documentation
explicitly does not call having argc != 0 and argv[0] pointing to valid memory
out *yet* as a requirement does not mean that we should not make the
world a safer place and enforce it. I see it simply as putting a check in one
place instead of forcing everyone to check for it. It is good hygiene.

Best,
christos
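
What "forcing everyone to check for it" means for an individual program, as an added example that is not part of the original message and is not NetBSD code: a start-up check for the two conditions the message names (argc != 0 with a non-NULL argv[0], and descriptors 0, 1, 2 open). The function names, flag names and exit status 127 are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

/* Bit flags describing what is wrong with the environment we were exec'd in. */
enum {
    STARTUP_OK           = 0,
    STARTUP_NO_ARGV0     = 1 << 0,  /* argc == 0 or argv[0] == NULL */
    STARTUP_STDIO_CLOSED = 1 << 1   /* at least one of fd 0, 1, 2 is closed */
};

/* A descriptor is closed only if fcntl() fails with EBADF. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Userland can only test for NULL here; it cannot prove argv[0] is mapped. */
int check_argv(int argc, char *const argv[])
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return STARTUP_NO_ARGV0;
    return STARTUP_OK;
}

int check_stdio(void)
{
    for (int fd = 0; fd <= 2; fd++)
        if (!fd_is_open(fd))
            return STARTUP_STDIO_CLOSED;
    return STARTUP_OK;
}

int main(int argc, char *argv[])
{
    /* Run before anything touches argv[0] or stdio (usage(), err(), ...). */
    if ((check_argv(argc, argv) | check_stdio()) != STARTUP_OK)
        _exit(127);  /* no message: stderr itself may be the closed fd */

    /* ... normal program logic would start here ... */
    return 0;
}
```

Every program that reads argv[0] or writes to stdio would need to repeat this before doing anything else, which is the duplication a single check at exec time removes.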