NetBSD-Bugs archive
Re: kern/56673: don't allow execve with NULL argv
The following reply was made to PR kern/56673; it has been noted by GNATS.
From: Christos Zoulas <christos%zoulas.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: kern-bug-people%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost,
jschauma%netmeister.org@localhost
Subject: Re: kern/56673: don't allow execve with NULL argv
Date: Mon, 31 Jan 2022 10:28:50 -0500
> Obviously any setuid/setgid applications should be checked quickly,
> as those might be able to be coerced to do something strange - but
> for the rest, assuming that there are no ordinary invocations (and in
> NetBSD base I assume not, as no-one is reporting any bugs with other
> apps randomly crashing because of this) there is no big hurry to fix
> any that are broken, as (assuming ls was to be one such program, just as
> an example ... I have no reason to suspect that it is however, just for
> the purposes of exposition in this message) that someone can write a
> program to exec ls (or whatever) with no args, and have it do something
> strange (including perhaps dump core) isn't really a problem for anyone
> but them (whatever ls did in such a case they could simply write code
> to do, and run it).
In that case we should at least put the check for set*id programs, like we've
done with file descriptors :-)
christos
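A userland counterpart to the set*id check discussed in this message, as an added example that is not part of the original mail or of NetBSD's code: a program validating its own argument vector before it touches argv[0]. The helper names `argv_is_sane`, `running_setid` and `checked_progname`, and the fallback name "guard", are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: 0 if the vector is well formed, -1 otherwise. */
int
argv_is_sane(int argc, char *const argv[])
{
	if (argc < 1 || argv == NULL)
		return -1;	/* caller passed execve() a NULL or empty argv */
	for (int i = 0; i < argc; i++)
		if (argv[i] == NULL)
			return -1;	/* hole before argc entries */
	return argv[argc] == NULL ? 0 : -1;	/* must be NULL terminated */
}

/* Hypothetical helper: nonzero when real and effective ids differ. */
int
running_setid(void)
{
	return getuid() != geteuid() || getgid() != getegid();
}

/*
 * Policy sketched in the thread: a set*id program refuses a bad argv
 * (returns NULL); an unprivileged one may continue with a fallback name.
 */
const char *
checked_progname(int argc, char *const argv[], int setid, const char *fallback)
{
	if (argv_is_sane(argc, argv) == 0)
		return argv[0];
	return setid ? NULL : fallback;
}

int
main(int argc, char *argv[])
{
	const char *name = checked_progname(argc, argv, running_setid(), "guard");

	if (name == NULL) {
		fprintf(stderr, "refusing to run set*id with an empty argv\n");
		return EXIT_FAILURE;
	}
	printf("%s: argument vector accepted\n", name);
	return EXIT_SUCCESS;
}
```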